AWS IAM Comprehend Issue

I am running a Lambda which will automatically trigger a Comprehend job through the use of boto3.

However, for some reason my IAM is not working: I have the following permissions on my role for this job:

  • IAMFullAccess
  • AmazonS3FullAccess
  • ComprehendFullAccess
  • AWSLambdaExecute

But when the job is created in Comprehend, it instantly fails with the following error message:

NO_WRITE_ACCESS_TO_OUTPUT: The provided data access role does not have write access to the output S3 URI.

Any ideas on how to fix this? I have given the role full S3 permission?

Can you check your role's trust policy and see if Comprehend is trusted?

An example trust policy from here - https://docs.aws.amazon.com/comprehend/latest/dg/access-control-managing-permissions.html

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "comprehend.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}

All IAM API calls are asynchronous. So, if you are creating roles and policies via boto3 and immediately assuming them and running Comprehend, they might not work. You can either wait by sleeping for a few seconds or have a retry mechanism. That's how I solved this issue.
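The two answers above combined into one check, as an added example that is not code from the original posts: `trusts_service` inspects a trust policy document (the dict boto3 returns for a role's `AssumeRolePolicyDocument`), and `run_job_with_retry` resubmits a job with backoff while it fails with `NO_WRITE_ACCESS_TO_OUTPUT`. The `submit` and `get_status` callables are hypothetical wrappers around whichever Comprehend start/describe calls the Lambda uses.

```python
import time

def trusts_service(trust_policy, service="comprehend.amazonaws.com"):
    """True if an Allow statement lets `service` call sts:AssumeRole."""
    statements = trust_policy.get("Statement", [])
    if isinstance(statements, dict):        # a single statement may be a bare object
        statements = [statements]
    for stmt in statements:
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        principal = stmt.get("Principal", {})
        services = principal.get("Service", []) if isinstance(principal, dict) else []
        services = [services] if isinstance(services, str) else services
        if "sts:AssumeRole" in actions and service in services:
            return True
    return False

def run_job_with_retry(submit, get_status, attempts=5, delay=2.0, polls=10,
                       sleep=time.sleep):
    """Submit a job; resubmit with backoff while the role is not yet usable.

    submit() -> job id, get_status(job_id) -> (status, message); both are
    hypothetical callables supplied by the caller (assumption of this example).
    """
    for attempt in range(attempts):
        job_id = submit()
        status, message = get_status(job_id)
        for _ in range(polls):              # wait for the job to leave SUBMITTED
            if status != "SUBMITTED":
                break
            sleep(delay)
            status, message = get_status(job_id)
        denied = status == "FAILED" and "NO_WRITE_ACCESS_TO_OUTPUT" in (message or "")
        if not denied:
            return job_id, status           # running, done, or a failure a retry won't fix
        sleep(delay * 2 ** attempt)         # exponential backoff before resubmitting
    return job_id, status
```

If `trusts_service` returns False for the data access role, retrying will not help; the trust policy has to be fixed first.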
