Data Pipeline and IAM errors

0

I am trying to create a very simple Data Pipeline to simply run an AWS CLI command within an EC2 resource. I get these errors in the pipeline..

Object:Ec2Instance
ERROR: Please add following permissions to the role ('DataPipeline_FullAccess') for uploading logs to s3: s3:Put*
WARNING: Error occurred while validating resourceRole 'EC2_DataPipeline_FullAccess'. Need iam:ListRolePolicies and iam:GetRolePolicy to validate. Error: User: arn:aws:sts::407737248259:assumed-role/DataPipeline_FullAccess/EDPSession is not authorized to perform: iam:ListRolePolicies on resource: role EC2_DataPipeline_FullAccess (Service: AmazonIdentityManagement; Status Code: 403; Error Code: AccessDenied; Request ID: ffb0d91c-e693-49d5-bad7-7bdbff283c66; Proxy: null)

I have added S3 full access to the DataPipeline_FullAccess role.
I have added IAM full access to both the DataPipeline_FullAccess and EC2_DataPipeline_FullAccess, it was unclear which really needed it.

I have reviewed this...
https://docs.aws.amazon.com/datapipeline/latest/DeveloperGuide/dp-iam-roles.html
still did not work. fyi, you all have an invalid permission here... "elasticmapreduce:GetCluster",

I also tried to use the default AWSDataPipelineRole role, which I am seeing now is no longer valid.

Help, I have been working on this for 3 hours now trying everything.

1回答
0

fixed, I had a "Permissions Boundary" set on the role accidentally. Also, be sure to following the steps of Creating the Role in the console, selecting the Data Pipeline service, and then the 2 options for data pipeline and ec2. This applies a default for the role and trust relationships.

rlang
回答済み 2年前

ログインしていません。 ログイン 回答を投稿する。

優れた回答とは、質問に明確に答え、建設的なフィードバックを提供し、質問者の専門分野におけるスキルの向上を促すものです。

質問に答えるためのガイドライン

関連するコンテンツ