Scenario: RDS Aurora v2 DB snapshot export to S3 bucket
Console gives error Principal isn't allowed to assume the IAM role citing
- EITHER non-existent IAM role or
- OR Principal not allowed to take IAM role.
While this IAM role is being created by Console GUI logic itself.
Additional information
- Principal name specified by error is rds-export.aws.internal => Here internal is never seen in any examples cited in knowledge article.
- Related article in knowledge center about IAM role doesn't exists asks to specify correct Principal as export.rds.amazonaws.com instead of rds.amazonaws.com
To resolve this issue, make sure that the trust relationship specifies "export.rds.amazonaws.com” instead of “rds.amazonaws.com” in your IAM policy.
While here the Principal is specified as rds-export.aws.internal which seems to be an issue