Reputation: 1457
AWS timestream-write gets "An error occurred (AccessDeniedException) when calling the DescribeEndpoints operation: This operation is not allowed."
I am experimenting the AWS SDK for python to access Timestream. I tried their in house example code from the repository and I wrote my own code to create a database:
import boto3
from botocore.config import Config
client = boto3.client('timestream-write')
response = client.create_database(DatabaseName='test')
Both sample code and my own code got the following error:
AccessDeniedException: An error occurred (AccessDeniedException) when calling the DescribeEndpoints operation: This operation is not allowed.
I googled a bit, but I could not find any information about it. Thanks!
Upvotes: 1
Views: 2848
Answers (3)
Reputation: 91
in your iam role add this permission policy
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"timestream:DescribeEndpoints"
],
"Resource": "*"
}
] }
DescribeEndpoints is called bt sdk in case you defined endpoints interface like this in your vpc query-cell2.timestream..amazonaws.com.
Upvotes: 2
Reputation: 1457
Timestream is currently only available in a handful of regions. Make sure the boto3 region configuration set the correct region to those eligible ones.
Upvotes: 1
Reputation: 915
The credentials that you are using to interact with Timestream should use an IAM role that has has either an AWS managed policy or a custom policy that allow you to call timestream:DescribeEndpoints. See this page for an example: https://docs.aws.amazon.com/timestream/latest/developerguide/security_iam_id-based-policy-examples.html
Assuming you configured your environment to use the AWS CLI and ran aws configure, the IAM User that is tied to those credentials should be granted timestream:DescribeEndpoints. https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-quickstart.html
You may have gotten this permissions error because you are missing TableName, which is a required parameter. https://docs.aws.amazon.com/timestream/latest/developerguide/API_CreateTable.html
Upvotes: 0
Related Questions
- AWS TimeStream: Records that are older than one day are rejected
- Timestream client does not accept TIMESTAMP as Measure value type
- Insert into AWS Timestream using API
- Allow timestream:describe execution
- Writing record with MeasureValues error: Please use measureValue to send the data
- Access Denied Error while inserting into Aws Timestream on Serverless Stack
- AWS Timestream: Unable to ingest records into AWS Timestream
- Writing data to AWS timestream table using IOT - timestamp not working
- UnknownOperationException while sending WriteRecordsCommand to TimestreamWriteClient
- AWS TimeStream Python SDK: Cannot create a correct client object