
javascript - Firehose is unable to assume role - Stack Overflow


I'm trying to use Firehose API (JS) and I keep getting the following error:

"InvalidArgumentException: Firehose is unable to assume role arn:aws:iam::XXXXXXXXXX:role/NAME. Please check the role provided.

I checked the role and I have set my custom policy to include all resources for STS and Firehose actions. I have no clue why this error exists if I'm allowing AssumeRole under STS.

Method Calling

The method I'm using is createDeliveryStream(params = {}, callback) with S3DestinationConfiguration.

Policy JSON

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "iam:*",
                "kinesisvideo:*",
                "s3:PutAccountPublicAccessBlock",
                "s3:GetAccountPublicAccessBlock",
                "s3:ListAllMyBuckets",
                "s3:*",
                "firehose:*",
                "sts:*",
                "s3:HeadBucket"
            ],
            "Resource": "*"
        }
    ]
}

asked Apr 25, 2019 at 17:06 by Brian Nezhad, edited Apr 25, 2019 at 19:03
  • 1 It would be far easier to answer if you actually showed the role in your question. But I suspect that you're missing the Principal element. – guest Commented Apr 25, 2019 at 17:31
  • I agree, I will update that soon. AWS Console is down. I agree with you, I try to set the principal but it gives me some error, which I will also update as well. – Brian Nezhad Commented Apr 25, 2019 at 17:32
  • @guest Updated. – Brian Nezhad Commented Apr 25, 2019 at 19:03
  • 1 Can you check the trust relationship defined in the IAM role and verify that it is set to firehose.amazonaws.com? – krishna_mee2004 Commented Apr 25, 2019 at 19:39
  • @krishna_mee2004 Thank you so much. That resolved the issue. I will accept your answer. – Brian Nezhad Commented Apr 25, 2019 at 19:43

1 Answer


Please check the trust relationship defined in the IAM role and verify that it is set to firehose.amazonaws.com. The policy defined in the trust relationship enables services to assume the role. For Kinesis Firehose, refer to this document, which contains details about IAM roles for Firehose. Refer to the "Grant Kinesis Data Firehose Access to an Amazon S3 Destination" section in the document, which mentions the trust policy.
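
The trust-relationship check described in the answer, as an added example that is not part of the original question or answer: it tests offline whether a role's trust policy names a given service principal for sts:AssumeRole, and shows that a permissions policy shaped like the one in the question does not satisfy it. The function names and sample documents are assumptions constructed for illustration.

```javascript
// Added example: inspect a role's TRUST policy, which is separate from its permissions policy.
const asList = (v) => (v === undefined ? [] : Array.isArray(v) ? v : [v]);

// Accepts a parsed object, a JSON string, or the URL-encoded JSON string
// that IAM GetRole returns in Role.AssumeRolePolicyDocument.
function parsePolicy(doc) {
  return typeof doc === "string" ? JSON.parse(decodeURIComponent(doc)) : doc;
}

// Conservative match: the service must be listed explicitly under Principal.Service
// and the action must be sts:AssumeRole. Condition blocks are not evaluated.
function statementMatches(stmt, service) {
  const actions = asList(stmt.Action).map((a) => String(a).toLowerCase());
  const services = asList(stmt.Principal && stmt.Principal.Service);
  return actions.includes("sts:assumerole") && services.includes(service);
}

function serviceCanAssume(trustPolicy, service) {
  const stmts = asList(parsePolicy(trustPolicy).Statement);
  const allowed = stmts.some((s) => s.Effect === "Allow" && statementMatches(s, service));
  const denied = stmts.some((s) => s.Effect === "Deny" && statementMatches(s, service));
  return allowed && !denied;
}

// Constructed sample documents.
const trust = (svc) => ({
  Version: "2012-10-17",
  Statement: [{ Effect: "Allow", Principal: { Service: svc }, Action: "sts:AssumeRole" }],
});
const TRUST_EC2 = trust("ec2.amazonaws.com");
const TRUST_FIREHOSE = trust("firehose.amazonaws.com");
// Shape of the question's permissions policy: sts:* is allowed, but there is no Principal.
const PERMISSIONS_ONLY = {
  Version: "2012-10-17",
  Statement: [{ Effect: "Allow", Action: ["iam:*", "s3:*", "firehose:*", "sts:*"], Resource: "*" }],
};

for (const [name, doc] of Object.entries({ TRUST_EC2, TRUST_FIREHOSE, PERMISSIONS_ONLY })) {
  console.log(name, serviceCanAssume(doc, "firehose.amazonaws.com"));
}
```

Against a real role, pass the `Role.AssumeRolePolicyDocument` value returned by IAM `getRole` as the first argument.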
