AccessDeniedException when using CreateFaceLivenessSessionCommand
Hi, Im using the Rekognition with Javascript V3, on the IAM roles i created inline policy for all actions and resources of Rekognition.
I can use the IndexFacesCommand, ListFacesCommand and SearchFacesByImageCommand but when calling the CreateFaceLivenessSessionCommand Im having an error of AccessDeniedException. what is the problem? i followed the documentation how to use Rekognition using Javascript V3.
` const rekog = new RekognitionClient({ credentials: fromIni({profile: 'default'}), region: 'ap-southeast-1' });
try {
const command = new CreateFaceLivenessSessionCommand();
const response = await rekog.send(command);
console.log(response);
}catch(e){
console.log(e)
}
`
- 최신
- 최다 투표
- 가장 많은 댓글
After a few days i figure it out, i read the documentation again and also the FAQ's. it's all because of my region. My region was on Singapore, the Face Liveness resources is available only on these regions. US East (N. Virginia), US West (Oregon), Europe (Ireland), Asia Pacific (Tokyo), and Asia Pacific (Mumbai).
Hello.
Where is JavaScript running?
For example, if you are running it on a local PC, you will need to check whether the correct IAM policy is attached to the IAM user associated with the set access key.
By the way, does it work if I use the "Administratoraccess" policy?
https://docs.aws.amazon.com/aws-managed-policy/latest/reference/AdministratorAccess.html
If you look at the documentation below, S3 may be involved.
So why not try setting "S3Fullaccess" once?
https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/rekognition/command/CreateFaceLivenessSessionCommand/
You can use the OutputConfig option in the Settings parameter to provide an Amazon S3 bucket location. The Amazon S3 bucket stores reference images and audit images. If no Amazon S3 bucket is defined, raw bytes are sent instead.
@Riku here's my IAM role permissions, still having an error AccessDeniedException when i call the CreateFaceLivenessSessionCommand but i can call other commands from Rekognition
yes I'm trying it on my local using node.js i'll post the permissions of my IAM
Are there any errors in the CloudTrail event history? If you look at CloudTrail's event history, you may be able to see which IAM policies are missing. https://docs.aws.amazon.com/awscloudtrail/latest/userguide/view-cloudtrail-events.html
on the cloudtrail i saw the CreateLivenessSession event and has error code of AccessDenied even my IAM has all the permission to rekognition, there's no information about what policy was missing