- 최신
- 최다 투표
- 가장 많은 댓글
For fixing this issue, you have to:
- Select a region compatible (in my case eu-central-1)
- Create a new role with AmazonS3FullAccess policy (just for testing, adjust for security) and this trust entity:
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": "transcribe.amazonaws.com" }, "Action": "sts:AssumeRole" } ] }
- Attach AmazonTranscribeFullAccess and AmazonS3FullAccess policiy to your IAM user (just for testing, adjust for security)
There are two pieces of permissions that you have to consider here.
- Your access key and secret key must have permissions to run the command
startCallAnalyticsJob - The analytics job must be able to access the data it needs using the role
DataAccessRoleArn.
From the error message, it appears that (1) is the issue. Do the keys that are running this command have the permissions to run startCallAnalyticsJob on that specific job Transcript1? This would either be a role that your user has assumed, or your actual IAM user itself.
If that doesn't solve the problem, then you would want to make sure that the DataAccessRole has a trust relationship with Transcribe, such that transcribe is allowed to assume that role with access to the right objects in your S3 Bucket. Take a look at how to update the trust relationship for a role here . This guide also walks you through creating it if needed.
The role would look something like:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "transcribe.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
Thank you for your response. For testing I tried to attach this strategy to my user:
{ "Version": "2012-10-17", "Statement": [ { "Sid": "VisualEditor0", "Effect": "Allow", "Action": [ "s3:", "transcribe:" ], "Resource": "*" } ] }
But I get the same error. Here's the role used by DataAccessRoleArn property:
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": "transcribe.amazonaws.com" }, "Action": "sts:AssumeRole" } ] }
Thank you again.
Your policy is missing a tiny detail. In the Action section, it should read
s3:*andtranscribe:*(with the star). Can you give that a try and see if it works? And is the whole error message what you posted above?I think, there was a bug when I pasted json, because the stars has been here.
See: https://pastebin.com/fCP9wCFV
Here's the full PHP error:
Fatal error: Uncaught exception 'Aws\TranscribeService\Exception\TranscribeServiceException' with message 'Error executing "StartCallAnalyticsJob" on "https://transcribe.eu-west-3.amazonaws.com"; AWS HTTP error: Client error:
POST https://transcribe.eu-west-3.amazonaws.comresulted in a400 Bad Requestresponse: {"__type":"BadRequestException","Message":"Your account isn't authorized to call this operation. Check your account perm (truncated...) BadRequestException (client): Your account isn't authorized to call this operation. Check your account permissions and try your request again. - {"__type":"BadRequestException","Message":"Your account isn't authorized to call this operation. Check your account permissions and try your request again."}' GuzzleHttp\Exception\ClientException: Client error:POST https://transcribe.eu-west-3.amazonaws.comresulted in a400 Bad Requestresponse: {"__type":"BadRequestException","Message":"Your account isn't authorized to call this operation. Check your account perm (truncated.. in /Users/J/PhpstormProjects/dev/vendor/aws/aws-sdk-php/src/WrappedHttpHandler.php on line 195Thank you so much
Hmm, I would recommend starting simple and trying out some other SDK calls first, such as s3
lscommand, and then maybe some more basic transcribe commands to see if they get the same error message. Are you part of an AWS Organization? It's possible that you could be getting rejected due to service control policies (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps.html) that might limit your account from being able to use the transcribe service.I tried with the CLI (with same access and secret keys) thoses commands:
aws s3 ls s3://mybucketname
It works.
But with this command I get an error:
aws transcribe start-call-analytics-job
--call-analytics-job-name MfTranscript1
--media MediaFileUri=s3://mybucketname/file.wav
--data-access-role-arn "arn:aws:iam::{id}:role/AWSRoleTranscribe"
--channel-definitions '[{"ChannelId": 0, "ParticipantRole": "AGENT"},{"ChannelId": 1, "ParticipantRole": "CUSTOMER"}]'
An error occurred (BadRequestException) when calling the StartCallAnalyticsJob operation: Your account isn't authorized to call this operation. Check your account permissions and try your request again.
I have no AWS Organization. But can I use the eu-west-3 (Paris) region? Thank you