Operation Fails Because of Authorization or Resource Not Found
The error, "Authorization failed or requested resource not found," can occur when you work with Certificates resources. You might see this error for several reasons.
Missing or incorrect policy statements
You might not have the required permissions.
Verify that policy statements exist to grant at least the minimum permissions described in the Required IAM Policy section of Managing Certificates, Managing Certificate Authorities, or Managing CA Bundles, as appropriate. You might need policy statements for both groups and dynamic groups, depending on the resources you want to work with.
In particular, when creating CAs or configuring them to perform revocation, confirm that you have a policy to grant CAs the permissions needed to sign X.509 certificates using Vault keys and to store certificate revocation lists (CRLs) in Object Storage buckets. (This type of policy is referred to as a resource principal policy because it authorizes a resource as a principal actor that can act on other resources.) If you have no policy that grants CAs the permissions they need, then an administrator must write the policy. If you have no dynamic group for CAs to begin with, an administrator must first create a dynamic group with a matching rule that includes all CAs, and then write the policy.
Non-existent resource
The requested resource might not exist.
Verify that all the resources named in your request exist and have not been deleted.
Resource exists in a different tenancy
Your request might include resources in different tenancies.
The Certificates service does not support cross-tenancy requests. Confirm that all the resources named in your request belong to the same tenancy. For example, when creating a CA, the Vault key, Object Storage bucket, and issuer CA must exist in the same tenancy as the CA you are trying to create.