I am running a lambda which will automatically trigger a comprehend job through the use of boto3.
However, for some reason my IAM is not working! I have the following permissions on my role for this job:
- IAMFullAccess
- AmazonS3FullAccess
- ComprehendFullAccess
- AWSLambdaExecute
But, when the job is created in comprehend, it instantly fails with the following error message:
NO_WRITE_ACCESS_TO_OUTPUT: The provided data access role does not have write access to the output S3 URI.
Any ideas on how to fix this? I have given the role full S3 permission?
Can you check your role's trust policy and see if comprehend is trusted?
An example trust policy from here - https://docs.aws.amazon.com/comprehend/latest/dg/access-control-managing-permissions.html