User <dwhuser> is not authorized to assume IAM Role while copying from S3

0

Hi,

I'm trying to grab data from S3 and load it into Redshift DB using the COPY command from a Python script.
I performed the following steps:

  1. Created a cluster in us-west-2 region using AWS SDK (Python boto3)
  2. Created an IAM role arn:aws:iam::<ID>:role/db_redshift_role with "AmazonS3ReadOnlyAccess" permissions using AWS Management Console
  3. Attached the role to the cluster. The role status is In-sync
  4. IAM -> Account Settings -> Region name IS Active

%%time
qry = """copy sporting_event_ticket from 's3://udacity-labs/tickets/split/part' 
    credentials 'aws_iam_role=arn:aws:iam::<ID>:role/db_redshift_role ' 
    gzip delimiter ';' compupdate off region 'us-west-2'"""
%sql $qry

And I got an error:
error: User arn:aws:redshift:us-west-2:<ID>:dbuser:dwhcluster/dwhuser is not authorized to assume IAM Role arn:aws:iam::<ID>:role/db_redshift_role

I read almost all the topics, but nothing has helped me.

Many thanks in advance

Edited by: boobooka on Apr 4, 2020 7:53 AM

Asked 4 years ago, 1400 views
3 Answers
0

Hi!

I recreated the cluster, performed all the steps again, waited about ten minutes and then rebooted the cluster. And now it works.

It's quite strange, maybe I made a mistake on my first attempt.

Answered 4 years ago
0

Hi boobooka,

Are you sure the role you attached to the Redshift cluster is a service role that has the trust relationship with the Redshift cluster?

-Kurt

klarson
Answered 4 years ago
0

Hi boobooka@,

Generally, the error below occurs for the following reasons:
error: User arn:aws:redshift:us-west-2:<ID>:dbuser:dwhcluster/dwhuser is not authorized to assume IAM Role arn:aws:iam::<ID>:role/db_redshift_role

  1. If trust relationship gets altered after attaching IAM role to the cluster.
  2. IAM Policy has restricted usage to particular db-users only.
  3. IAM role is not in-sync with the cluster.

Regards,
Kalyan

Answered 4 years ago
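
The three causes listed in this answer, and the trust-relationship question in the earlier one, can all be checked from the role's trust policy and the cluster's attached-role list. The following is an added example, not code from the thread: it evaluates dicts shaped like the boto3 `get_role` and `describe_clusters` responses, and the account ID, the `etl_user` name and the sample policies are constructed.

```python
# Added example (not from the thread). Inputs are dicts shaped like boto3 output:
#   trust   = iam.get_role(RoleName=...)["Role"]["AssumeRolePolicyDocument"]
#   cluster = redshift.describe_clusters(ClusterIdentifier=...)["Clusters"][0]
from fnmatch import fnmatchcase

def _as_list(value):
    return value if isinstance(value, list) else [value]

def trust_allows(trust, db_user_arn):
    """True if some statement lets Redshift assume the role for this db user."""
    for st in _as_list(trust.get("Statement", [])):
        principal = st.get("Principal", {})
        services = _as_list(principal.get("Service", [])) if isinstance(principal, dict) else []
        if (st.get("Effect") != "Allow"
                or "sts:AssumeRole" not in _as_list(st.get("Action", []))
                or "redshift.amazonaws.com" not in services):
            continue
        # A per-user restriction puts the dbuser ARN in sts:ExternalId.
        # Only that key is evaluated here; other condition keys are ignored.
        cond = st.get("Condition", {})
        exact = _as_list(cond.get("StringEquals", {}).get("sts:ExternalId", []))
        like = _as_list(cond.get("StringLike", {}).get("sts:ExternalId", []))
        ok_exact = not exact or db_user_arn in exact
        ok_like = not like or any(fnmatchcase(db_user_arn, p) for p in like)
        if ok_exact and ok_like:
            return True
    return False

def diagnose(trust, cluster, role_arn, db_user_arn):
    """Return findings that explain a 'not authorized to assume IAM Role' error."""
    findings = []
    attached = {r["IamRoleArn"]: r["ApplyStatus"] for r in cluster.get("IamRoles", [])}
    if role_arn not in attached:
        findings.append("role is not attached to the cluster")
    elif attached[role_arn] != "in-sync":
        findings.append(f"role status is {attached[role_arn]}, not in-sync")
    if not trust_allows(trust, db_user_arn):
        findings.append("trust policy does not allow Redshift to assume the role for this db user")
    return findings

ACCOUNT = "123456789012"  # constructed sample values from here on
ROLE = f"arn:aws:iam::{ACCOUNT}:role/db_redshift_role"
DB_USER = f"arn:aws:redshift:us-west-2:{ACCOUNT}:dbuser:dwhcluster/dwhuser"
OPEN_TRUST = {"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
    "Principal": {"Service": "redshift.amazonaws.com"}, "Action": "sts:AssumeRole"}]}
PINNED_TRUST = {"Version": "2012-10-17", "Statement": [{**OPEN_TRUST["Statement"][0],
    "Condition": {"StringEquals": {"sts:ExternalId": DB_USER.replace("dwhuser", "etl_user")}}}]}
IN_SYNC = {"IamRoles": [{"IamRoleArn": ROLE, "ApplyStatus": "in-sync"}]}
```

An empty list from `diagnose` means none of the three causes applies to the inputs given; `PINNED_TRUST` shows the case where the trust policy is limited to a different database user.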
