Error when trying Exasol Personal

Hello to all!

I decided to give a try to Exasol and wanted to try with the Exasol Personal.

I have set up a user in my AWS with the permissions documented here, but when I run <path>\exasol.exe install I get an error. It seems the client needs to execute the action ssm:PutParameter, but the policies of the public page aren’t enough for executing it.

What are the minimum policies required to install the Exasol personal?

Jan 17 14:07:23.336 ERR random_id.deployment_id: Creating…
Jan 17 14:07:23.339 ERR tls_private_key.tls_key: Creating…
Jan 17 14:07:23.339 ERR tls_private_key.tls_ca_key: Creating…
Jan 17 14:07:23.339 ERR tls_private_key.ssh_key: Creating…
Jan 17 14:07:23.339 ERR time_static.deployment_created: Creating…
Jan 17 14:07:23.340 ERR random_id.deployment_id: Creation complete after 0s [id=YekZMw]
Jan 17 14:07:23.342 ERR tls_private_key.tls_ca_key: Creation complete after 0s [id=2786ef0defc9a18e03575669eed0a022ca3e3b68]
Jan 17 14:07:23.342 ERR tls_private_key.tls_key: Creation complete after 0s [id=a86675bd94bbd8f2608e7209281128c75429af7e]
Jan 17 14:07:23.343 ERR time_static.deployment_created: Creation complete after 0s [id=2026-01-17T13:07:23Z]
Jan 17 14:07:23.345 ERR random_password.adminui: Creating…
Jan 17 14:07:23.345 ERR random_password.db: Creating…
Jan 17 14:07:23.354 ERR tls_cert_request.tls_request: Creating…
Jan 17 14:07:23.357 ERR tls_self_signed_cert.tls_ca_cert: Creating…
Jan 17 14:07:23.657 ERR tls_cert_request.tls_request: Creation complete after 1s [id=f317cb898f31d758a692a0b58f8ca6d96604e433]
Jan 17 14:07:23.658 ERR tls_self_signed_cert.tls_ca_cert: Creation complete after 1s [id=117707105886183849536923653068189178364]
Jan 17 14:07:23.666 ERR tls_locally_signed_cert.tls_cert: Creating…
Jan 17 14:07:23.674 ERR tls_locally_signed_cert.tls_cert: Creation complete after 0s [id=330169637866651708546962522069315544755]
Jan 17 14:07:23.724 ERR random_password.db: Creation complete after 1s [id=none]
Jan 17 14:07:23.727 ERR random_password.adminui: Creation complete after 1s [id=none]
Jan 17 14:07:23.735 ERR local_file.deployment_secrets: Creating…
Jan 17 14:07:23.740 ERR local_file.deployment_secrets: Creation complete after 0s [id=6dbb49ff54b9e9e23efedf6548a88deeb9f12b32]
Jan 17 14:07:23.957 ERR random_shuffle.az_selection: Creating…
Jan 17 14:07:23.960 ERR random_shuffle.az_selection: Creation complete after 0s [id=-]
Jan 17 14:07:23.973 ERR aws_vpc.vpc: Creating…
Jan 17 14:07:23.973 ERR aws_ebs_volume.data_disks[“n11”]: Creating…
Jan 17 14:07:24.616 ERR tls_private_key.ssh_key: Creation complete after 2s [id=86d7f459eeaa9c7c128bd8155ff9c0532c658610]
Jan 17 14:07:24.624 ERR aws_key_pair.instance_key: Creating…
Jan 17 14:07:24.624 ERR aws_ssm_parameter.ssh_private_key: Creating…
Jan 17 14:07:24.626 ERR local_file.private_key: Creating…
Jan 17 14:07:24.630 ERR local_file.private_key: Creation complete after 0s [id=c675d57da8f5086972725d8b5e6aa9e05a791b61]
Jan 17 14:07:24.836 ERR aws_key_pair.instance_key: Creation complete after 0s [id=exasol-61e91933-key]
Jan 17 14:07:33.974 ERR aws_vpc.vpc: Still creating… [10s elapsed]
Jan 17 14:07:33.975 ERR aws_ebs_volume.data_disks[“n11”]: Still creating… [10s elapsed]
Jan 17 14:07:34.514 ERR aws_ebs_volume.data_disks[“n11”]: Creation complete after 11s [id=vol-0c82f620ece118366]
Jan 17 14:07:34.550 ERR data.cloudinit_config.cloud_config[“n11”]: Reading…
Jan 17 14:07:34.558 ERR data.cloudinit_config.cloud_config[“n11”]: Read complete after 0s [id=2748441386]
Jan 17 14:07:35.661 ERR aws_vpc.vpc: Creation complete after 12s [id=vpc-03f8f04bb86c0dd06]
Jan 17 14:07:35.687 ERR aws_internet_gateway.gateway: Creating…
Jan 17 14:07:35.690 ERR aws_subnet.subnet: Creating…
Jan 17 14:07:35.700 ERR aws_security_group.exasol_instance: Creating…
Jan 17 14:07:36.106 ERR aws_internet_gateway.gateway: Creation complete after 0s [id=igw-007a865dcef64e688]
Jan 17 14:07:36.123 ERR aws_route_table.route_table: Creating…
Jan 17 14:07:37.101 ERR aws_route_table.route_table: Creation complete after 1s [id=rtb-0152d89249608fd6a]
Jan 17 14:07:38.195 ERR aws_security_group.exasol_instance: Creation complete after 2s [id=sg-06397050de022cc67]
Jan 17 14:07:45.690 ERR aws_subnet.subnet: Still creating… [10s elapsed]
Jan 17 14:07:46.698 ERR aws_subnet.subnet: Creation complete after 11s [id=subnet-092f1bd819849c454]
Jan 17 14:07:46.709 ERR aws_route_table_association.route_table_assoc: Creating…
Jan 17 14:07:46.724 ERR aws_instance.nodes[“n11”]: Creating…
Jan 17 14:07:47.069 ERR aws_route_table_association.route_table_assoc: Creation complete after 0s [id=rtbassoc-0884a82d5de8501ed]
Jan 17 14:07:56.724 ERR aws_instance.nodes[“n11”]: Still creating… [10s elapsed]
Jan 17 14:07:59.397 ERR aws_instance.nodes[“n11”]: Creation complete after 12s [id=i-044bfc6a706aa3187]
Jan 17 14:07:59.407 ERR aws_ec2_instance_state.node_state[“n11”]: Creating…
Jan 17 14:07:59.408 ERR aws_volume_attachment.data_disks[“n11”]: Creating…
Jan 17 14:08:09.407 ERR aws_ec2_instance_state.node_state[“n11”]: Still creating… [10s elapsed]
Jan 17 14:08:09.408 ERR aws_volume_attachment.data_disks[“n11”]: Still creating… [10s elapsed]
Jan 17 14:08:09.623 ERR aws_ec2_instance_state.node_state[“n11”]: Creation complete after 11s [id=i-044bfc6a706aa3187]
Jan 17 14:08:09.634 ERR data.aws_instance.nodes[“n11”]: Reading…
Jan 17 14:08:11.130 ERR data.aws_instance.nodes[“n11”]: Read complete after 1s [id=i-044bfc6a706aa3187]
Jan 17 14:08:11.153 ERR local_file.deployment_info: Creating…
Jan 17 14:08:11.158 ERR local_file.deployment_info: Creation complete after 0s [id=087b741bf6b9f49c400f2e23452d2b3264c90498]
Jan 17 14:08:19.409 ERR aws_volume_attachment.data_disks[“n11”]: Still creating… [20s elapsed]
Jan 17 14:08:20.468 ERR aws_volume_attachment.data_disks[“n11”]: Creation complete after 21s [id=vai-2987957174]
Jan 17 14:08:20.481 ERR ╷
Jan 17 14:08:20.481 ERR │ Error: creating SSM Parameter (/exasol-61e91933/ssh_private_key): operation error SSM: PutParameter, https response error StatusCode: 400, RequestID: 6797b7fd-47fa-4953-a014-c740edd16e65, api error AccessDeniedException: User: redacted is not authorized to perform: ssm:PutParameter on resource: arn:aws:ssm:eu-central-1:redacted:parameter/exasol-61e91933/ssh_private_key because no identity-based policy allows the ssm:PutParameter action

Hi Will

The error is caused by missing IAM permission for ssm:PutParameter on the SSM Parameter Store path where the SSH private key should be written, so the deployment user is not allowed to store /exasol-61e91933/ssh_private_key in SSM.

What the error means

  • The failing resource is aws_ssm_parameter.ssh_private_key that tries to create /exasol-61e91933/ssh_private_key in Parameter Store as a (secure) parameter.
  • AWS returns AccessDeniedException: User ... is not authorized to perform: ssm:PutParameter on resource: arn:aws:ssm:eu-central-1:...:parameter/exasol-61e91933/ssh_private_key because no identity-based policy allows the ssm:PutParameter action, which means the IAM identity Terraform uses has no Allow (or is explicitly Denied) for this action.

Likely root cause in your setup

The most probable causes are:

  • An identity-based policy (user, group, or permissions boundary) that does not include ssm:PutParameter and possibly has a broader Deny for SSM or ssm:*.
  • The Exasol PE Terraform code assumes it can create SSM parameters to store the generated SSH private key, but your IAM role for the exasol profile is restricted and does not allow writing to SSM Parameter Store.

How to fix it (for Exasol PE)

Ask your AWS admin (or update your own policies, if allowed) to add an IAM statement similar to:

{
  "Effect": "Allow",
  "Action": [
    "ssm:PutParameter",
    "ssm:AddTagsToResource"
  ],
  "Resource": "arn:aws:ssm:eu-central-1:<account-id>:parameter/exasol-61e91933/*"
}

  • Attach this to the IAM user/role used by Terraform (your exasol profile).
  • Ensure there is no conflicting explicit Deny that covers ssm:PutParameter on that path or on arn:aws:ssm:eu-central-1:<account-id>:parameter/*, because a Deny will override any Allow.

Once that permission is granted (and any Deny removed), re-run the Exasol Personal Edition deployment; the SSM parameter creation step should succeed and the rest of the stack can complete.

Let me know if you can move on with your Exasol Personal Edition following the advice above.

Best - Thomas D.

2 Likes

Hi Thomas,

Thanks for your tips, I managed to make it work.

I had to add another couple of permissions, this is the final policy JSON I used.

I think Exasol should update the documentation though, it was frustrating finding out missing permissions error by error.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "ssm:PutParameter",
                "ssm:DeleteParameter",
                "ssm:AddTagsToResource",
                "ssm:ListTagsForResource",
                "ssm:GetParameters",
                "ssm:GetParameter"
            ],
            "Resource": "arn:aws:ssm:eu-central-1:account_id:parameter/exasol-*/*"
        },
        {
            "Sid": "VisualEditor1",
            "Effect": "Allow",
            "Action": "ssm:DescribeParameters",
            "Resource": "*"
        }
    ]
}
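
An added example, not part of the thread and not Exasol's code: a small offline evaluator that checks the suggested statement and the final policy above against the SSM calls the final policy lists, so gaps show up in one pass instead of error by error, and that shows an explicit Deny overriding the Allow. The account ID 111122223333 and the BROAD_DENY statement are constructed placeholders; the evaluator is a simplification that ignores Condition, NotAction, NotResource, permissions boundaries and SCPs.

```python
import re

ACCOUNT = "111122223333"  # constructed placeholder account ID
PARAM = f"arn:aws:ssm:eu-central-1:{ACCOUNT}:parameter/exasol-61e91933/ssh_private_key"

def _list(v):
    return v if isinstance(v, list) else [v]

def _glob(pattern, value, flags=0):
    # IAM wildcards: '*' = any run of characters, '?' = exactly one character.
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, value, flags) is not None

def evaluate(statements, action, resource):
    """Identity-based evaluation only: explicit Deny > Allow > implicit deny."""
    allowed = False
    for st in statements:
        if not any(_glob(a, action, re.I) for a in _list(st["Action"])):
            continue  # action names are matched case-insensitively
        if not any(_glob(r, resource) for r in _list(st["Resource"])):
            continue
        if st["Effect"] == "Deny":
            return "explicit_deny"
        allowed = True
    return "allow" if allowed else "implicit_deny"

def missing(statements, needed):
    """Actions from `needed` that the statements do not allow."""
    return [a for a, r in needed if evaluate(statements, a, r) != "allow"]

# Statement suggested in the first reply (placeholder account ID filled in).
SUGGESTED = [{"Effect": "Allow", "Action": ["ssm:PutParameter", "ssm:AddTagsToResource"],
              "Resource": f"arn:aws:ssm:eu-central-1:{ACCOUNT}:parameter/exasol-61e91933/*"}]
# Final policy from the follow-up post.
FINAL = [{"Effect": "Allow",
          "Action": ["ssm:PutParameter", "ssm:DeleteParameter", "ssm:AddTagsToResource",
                     "ssm:ListTagsForResource", "ssm:GetParameters", "ssm:GetParameter"],
          "Resource": f"arn:aws:ssm:eu-central-1:{ACCOUNT}:parameter/exasol-*/*"},
         {"Effect": "Allow", "Action": "ssm:DescribeParameters", "Resource": "*"}]
# Constructed broad Deny of the kind the first reply warns about.
BROAD_DENY = [{"Effect": "Deny", "Action": "ssm:*",
               "Resource": f"arn:aws:ssm:eu-central-1:{ACCOUNT}:parameter/*"}]
# Calls to check: the actions listed in the final policy.
NEEDED = [(a, PARAM) for a in FINAL[0]["Action"]] + [("ssm:DescribeParameters", "*")]

if __name__ == "__main__":
    print("suggested statement lacks:", missing(SUGGESTED, NEEDED))
    print("final policy lacks:", missing(FINAL, NEEDED))
    print("with broad Deny:", evaluate(FINAL + BROAD_DENY, "ssm:PutParameter", PARAM))
```

For the authoritative answer against a live account, including boundaries and SCPs, use the IAM policy simulator rather than this sketch.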

Will, glad you’ve managed to move forward.

Indeed, as AWS IAM policies can be tricky, the current Exasol Personal Edition deployment pre-requisites instructions could be more precise in this respect.

Especially as this is known and documented however for general Exasol on AWS at:

Here it’s pointed to this JSON policy which covers the AWS IAM user requirements for the Personal Edition Terraform deployment in it as well.

As Exasol Personal Edition has just launched, please bear with us while we are constantly improving Personal Edition documentation for smoother user experience.

Now finally enjoy your Exasol Personal Edition trials, thank you for your feedback.

Best - Thomas D.

Hi Will, product manager of Exasol Personal here. Terribly sorry that you ran into issues and thanks for the feedback. Indeed a permission was missing from our instructions. We have now updated our documentation.

2 Likes

No problem at all, I understand Personal has just been launched. Thank you, the platform looks great!

Glad to hear! I would be interested to learn what you are going to use it for. Can I reach out to you directly and perhaps we can even have a quick one-on-one chat?

I don’t think I have a very interesting story, but it’s always enriching to have a talk with fellow data technologists 🙂