docs: document cloud permission errors on env group create #294

Open: mintlify[bot] wants to merge 1 commit into main from mintlify/96cc2c7c

@mintlify mintlify Bot commented May 27, 2026

Summary

Document the new 403 response and required cloud IAM permissions when creating an environment group fails because the connected cloud account cannot manage secrets.

Context

Upstream PR maps cloud-provider access-denied errors (AWS Secrets Manager, GCP Secret Manager, Azure Key Vault) to a 403 with an actionable message, replacing the previous opaque 500. Users hitting this need to know which permissions to grant the Porter role.

Changes

  • Added a Troubleshooting section to the Environment groups page covering the new 403 error
  • Listed the required Secrets Manager / Secret Manager / Key Vault permissions per cloud provider (AWS, GCP, Azure)


mintlify Bot commented May 27, 2026

Preview deployment for your docs. Learn more about Mintlify Previews.

| Project | Status | Preview | Updated (UTC) |
| --- | --- | --- | --- |
| porter | 🟢 Ready | View Preview | May 27, 2026, 5:57 PM |


- **AWS** — `secretsmanager:CreateSecret`, `secretsmanager:PutSecretValue`, `secretsmanager:GetSecretValue`, `secretsmanager:UpdateSecret`, and `sts:AssumeRole` for the Porter role.
- **GCP** — `secretmanager.secrets.create`, `secretmanager.versions.add`, and `secretmanager.versions.access` on the project.
- **Azure** — `Key Vault Secrets Officer` (or equivalent get/set permissions) on the Key Vault used by the connected cloud account.
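
Review bot: The AWS bullet gives no resource scope, while the GCP and Azure bullets do ("on the project", "on the Key Vault used by the connected cloud account"), so a reader has nothing to scope the four `secretsmanager:` actions to other than `*`. State which secrets those actions must cover. The same bullet lists `sts:AssumeRole` "for the Porter role" alongside the Secrets Manager actions, which leaves unclear whether the Porter role is the principal or the target; say which principal must be able to assume which role. In the Azure bullet, `Key Vault Secrets Officer` is a role rather than a permission, and "or equivalent get/set permissions" should name the permissions meant.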

You should use <Tabs>

<Tabs>
  <Tab title="AWS">
    - `secretsmanager:CreateSecret`
    - `secretsmanager:PutSecretValue`
    - `secretsmanager:GetSecretValue`
    - `secretsmanager:UpdateSecret`
    - `sts:AssumeRole` for the Porter role
  </Tab>
  <Tab title="GCP">
    - `secretmanager.secrets.create`
    - `secretmanager.versions.add`
    - `secretmanager.versions.access`

    Granted on the project.
  </Tab>
  <Tab title="Azure">
    - `Key Vault Secrets Officer` (or equivalent get/set permissions)

    Granted on the Key Vault used by the connected cloud account.
  </Tab>
</Tabs>
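
As an added example (not part of this PR or of Porter's code), a preflight check that reports which of the AWS Secrets Manager actions listed above an IAM policy document does not grant. It matches IAM wildcards case-insensitively and honors explicit `Deny`; as a stated simplification it ignores `Resource`, `Condition`, `NotAction`, permission boundaries and SCPs, so an empty result is necessary but not sufficient. `SAMPLE_POLICY` is constructed for illustration.

```python
import re

# Secrets Manager actions this page lists for AWS.
REQUIRED = (
    "secretsmanager:CreateSecret",
    "secretsmanager:PutSecretValue",
    "secretsmanager:GetSecretValue",
    "secretsmanager:UpdateSecret",
)

# Constructed sample policy, not taken from Porter.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Resource": "*",
         "Action": ["secretsmanager:Get*", "secretsmanager:CreateSecret"]},
        {"Effect": "Allow", "Resource": "*",
         "Action": "secretsmanager:putsecretvalue"},
        {"Effect": "Deny", "Resource": "*",
         "Action": "secretsmanager:Create*"},
    ],
}


def _as_list(value):
    """IAM accepts a single item wherever a list is allowed."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _matches(action, patterns):
    """True if any IAM pattern ('*' and '?' wildcards) covers the action."""
    for pattern in patterns:
        rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
        if re.fullmatch(rx, action, re.IGNORECASE):
            return True
    return False


def missing_actions(policy, required=REQUIRED):
    """Return required actions that are not allowed, or are explicitly denied."""
    allow, deny = [], []
    for stmt in _as_list(policy.get("Statement")):
        bucket = {"Allow": allow, "Deny": deny}.get(stmt.get("Effect"))
        if bucket is not None:
            bucket.extend(_as_list(stmt.get("Action")))
    return [a for a in required if not _matches(a, allow) or _matches(a, deny)]
```

For the sample policy, `missing_actions(SAMPLE_POLICY)` reports `CreateSecret` (allowed, then overridden by the `Deny` on `secretsmanager:Create*`) and `UpdateSecret` (never allowed).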
