AWS IAM Comprehend Issue

I am running a lambda which will automatically trigger a comprehend job through the use of boto3.

However, for some reason my IAM is not working! I have the following permissions on my role for this job:

  • IAMFullAccess
  • AmazonS3FullAccess
  • ComprehendFullAccess
  • AWSLambdaExecute

But, when the job is created in comprehend, it instantly fails with the following error message:

NO_WRITE_ACCESS_TO_OUTPUT: The provided data access role does not have write access to the output S3 URI.

Any ideas on how to fix this? I have given the role full S3 permission?

There are 2 best solutions below

0
On

Can you check your role's trust policy and see if comprehend is trusted?

An example trust policy from here - https://docs.aws.amazon.com/comprehend/latest/dg/access-control-managing-permissions.html

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "comprehend.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
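
An offline version of the check this answer asks for, added here as an example and not part of the original answer: it parses a role's trust policy and reports whether `comprehend.amazonaws.com` may call `sts:AssumeRole`, covering the list, wildcard and Deny forms a trust policy can take. The names `trusts_service`, `fetch_trust_policy` and the `LAMBDA_ONLY_TRUST` sample are assumptions made for illustration.

```python
import json
from fnmatch import fnmatchcase

def _as_list(value):
    # IAM accepts either a single value or a list for Statement, Action and Service.
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def trusts_service(policy, service="comprehend.amazonaws.com", action="sts:AssumeRole"):
    """Return (trusted, conditions) for a role trust policy (dict or JSON string).

    Only explicit Service principals are matched. Any matching Deny is treated
    as blocking, even a conditional one (a conservative simplification).
    """
    if isinstance(policy, str):
        policy = json.loads(policy)
    trusted, conditions = False, []
    for stmt in _as_list(policy.get("Statement")):
        principal = stmt.get("Principal")
        services = _as_list(principal.get("Service")) if isinstance(principal, dict) else []
        actions = _as_list(stmt.get("Action"))
        if service not in services:
            continue
        if not any(fnmatchcase(action.lower(), a.lower()) for a in actions):
            continue
        if stmt.get("Effect") == "Deny":
            return False, []
        if stmt.get("Effect") == "Allow":
            trusted = True
            if "Condition" in stmt:
                conditions.append(stmt["Condition"])
    return trusted, conditions

def fetch_trust_policy(role_name):
    # Live lookup; needs boto3 and iam:GetRole. Not called by the demo below.
    import boto3
    return boto3.client("iam").get_role(RoleName=role_name)["Role"]["AssumeRolePolicyDocument"]

# The trust policy quoted in the answer above.
COMPREHEND_TRUST = {"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
    "Principal": {"Service": "comprehend.amazonaws.com"}, "Action": "sts:AssumeRole"}]}
# Constructed sample: a role that only the Lambda service can assume.
LAMBDA_ONLY_TRUST = {"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
    "Principal": {"Service": "lambda.amazonaws.com"}, "Action": "sts:AssumeRole"}]}

if __name__ == "__main__":
    for name, doc in [("comprehend", COMPREHEND_TRUST), ("lambda-only", LAMBDA_ONLY_TRUST)]:
        print(name, trusts_service(doc))
```

Any conditions returned alongside `True` still have to be satisfied by the Comprehend call, so review them before treating the role as usable.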
0
On

All IAM API calls are asynchronous. So, if you are creating roles and policies via boto3 and immediately assuming them and running comprehend, they might not work. You can either wait by sleeping for a few seconds or have a retry mechanism. That's how I solved this issue.