Amazon SP-API Python SellingApiForbiddenException: Access to requested resource is denied

Question

I know this question has been asked a lot but none of the solutions helped my case.

I registered as amazon developer in my Amazon seller account and now trying to connect using python-amazon-sp-api library Here is my code:

from sp_api.api import Orders
import datetime
import json
from datetime import timedelta
from sp_api.base import SellingApiException, Marketplaces
credentials=dict(
        refresh_token='***************', # refresh token from authorized from the app on Seller central
        lwa_app_id='****************', # lwa id of the app
        lwa_client_secret='***************', # lwa secret of the app
        aws_secret_key='************', # secret key of IAM user
        aws_access_key='************', # access key of IAM user
        role_arn='arn:aws:iam::577******:role/SPAPIRole' # IAM role arn
    )


print(json.dumps(credentials))
from sp_api.api import Orders, Finances, ProductFees
from sp_api.base import SellingApiException, Marketplaces, SellingApiForbiddenException
import datetime
from datetime import timedelta, date
import time
import csv

marketplaces = ['A2EUQ1WTGCTBG2']

res = Orders(credentials=credentials, marketplace=Marketplaces.CA) 
data = res.get_orders(CreatedAfter='2017-03-30',CreatedBefore=date.today().isoformat(),MarketplaceIds=marketplaces)

Here is the attached policy to my user(not as inline but directly attached as managed policy):

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "sts:AssumeRole",
            "Resource": "arn:aws:iam::577951966674:role/SPAPIRole"
        }
    ]
}

I have followed the API docs EXACTLY which didn't work and the policy above is what I tried to add from what I read in forums.

I have tried using both IAM USER ARN and ROLE ARN when adding the app in the developer central (IAM ARN section of the app)

What am I doing wrong?

Answer 1

尝试将 IAM ARN 信息替换为 aws ROLE ARN。