Reputation: 133
AWS IAM Comprehend Issue
I am running a lambda which will automatically trigger a comprehend job through the use of boto3.
However, for some reason my IAM is not working! I have the following permissions on my role for this job:
- IAMFullAccess
- AmazonS3FullAccess
- ComprehendFullAccess
- AWSLambdaExecute
But, when the job is created in comprehend, it instantly fails with the following error message:
NO_WRITE_ACCESS_TO_OUTPUT: The provided data access role does not have write access to the output S3 URI.
Any ideas on how to fix this? I have given the role full S3 permission?
Upvotes: 6
Views: 4269
Answers (2)
Reputation: 1
All IAM API calls are asynchronous. So, if you are creating roles and policies via boto3 and immediately assuming them and running comprehend, they might not work. You can either wait by sleeping for a few seconds or have a retry mechanism. That's how I solved this issue.
Upvotes: 0
Reputation: 1965
Can you check your role's trust policy and see if comprehend is trusted?
An example trust policy from here - https://docs.aws.amazon.com/comprehend/latest/dg/access-control-managing-permissions.html
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "comprehend.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
Upvotes: 1
Related Questions
- Accessing S3 bucket from Lambda
- Issues with my iam role when using AWS lambda to trigger an async amazon Comprehend job
- AWS IAM Lambda "is not authorized to perform: lambda:GetFunction"
- IAM Permissions Errors When Using boto3 for AWS Comprehend
- Not Able to create IAM in AWS Educate
- AWS IAM policy issue
- AWS Lambda S3 Access Denied
- AWS IAM Authentication
- AWS IAM Organization Issue - I can't see IAM users or any buckets
- What is Wrong With My AWS Policy?