Our AWS error library covers high-impact exceptions across S3, IAM, EC2, Lambda, and DynamoDB with service-specific diagnostics. Each entry is written for incident workflows using RequestId and HostId evidence, policy scope checks, and quota or regional constraint analysis.
These are the highest-signal AWS pages for common production failures and the best first routes for internal linking and early user navigation.
Priority guide
Access Denied
Fix AWS AccessDenied with policy-layer diagnostics across IAM, SCP, resource policies, and trust rules to restore least-privilege access safely.
Priority guide
Authentication Failure
Fix AWS AuthFailure: Learn the difference between authentication and authorization, validate IAM access keys, and resolve credential rotation sync iss...
Priority guide
Throttling Exception
Fix AWS ThrottlingException with adaptive rate control, exponential backoff with jitter, and quota-aware traffic shaping for stable API behavior.
When you need broader context, move from provider-specific pages into the matching error category or incident playbook before changing production behavior.
AWS AccessDenied usually means AWS authenticated the caller, then denied a specific action on a specific ARN after evaluating IAM, SCP, trust, boundary, session, or resource policy layers.
AWS AccountProblem (Account Problem) means there is an AWS account-level issue that prevents the operation from completing and AWS directs you to contact Support. In Amazon S3, this error returns HTTP 403.
AWS AmbiguousGrantByEmailAddress means the ACL grantee email address is associated with more than one AWS account, so Amazon S3 cannot resolve a single principal (HTTP 400).
AWS AuthFailure indicates that the request could not be authenticated. It occurs when provided credentials (Access Keys) are invalid, malformed, or inactive. Unlike AccessDenied, authentication fails before the service evaluates permissions.
AWS BadDigest means the Content-MD5 or checksum value in the request does not match what Amazon S3 received for that payload (HTTP 400).
Amazon S3 BucketAlreadyExists means a CreateBucket request used a bucket name that is already allocated in the global S3 namespace, usually by another AWS account.
Amazon S3 BucketAlreadyOwnedByYou means a CreateBucket request targeted a bucket name that already exists and is owned by the same AWS account.
CloudFront returns `CNAMEAlreadyExists` when an alternate domain name is already attached to another distribution, so the alias cannot be assigned again. CloudFront returns HTTP 409 for this conflict.
AWS CodeStorageExceededException is an account-level error indicating that the cumulative storage used by all Lambda deployment packages, layers, and versions has exceeded the 75 GB regional quota.
IAM returns `ConcurrentModification` when overlapping write operations target the same IAM resource at the same time, producing a control-plane conflict. IAM returns HTTP 409 for this error.
AWS ConditionalCheckFailedException means a DynamoDB conditional request failed because the condition expression evaluated to false (HTTP 400).
AWS CredentialsNotSupported (Credentials Not Supported) means the request type does not support credentials. In Amazon S3, this error returns HTTP 400.
AWS CrossLocationLoggingProhibited (Cross Location Logging Prohibited) means server access logging cannot target a bucket in another AWS Region. In Amazon S3, this error returns HTTP 403.
AWS DeleteConflict means the IAM resource cannot be deleted because subordinate entities are still attached (HTTP 409).
AWS DistributionAlreadyExists means the CallerReference is already associated with another CloudFront distribution request (HTTP 409).