1 Answer
- Newest
- Most votes
- Most comments
1
On inspecting the policy I observed that you added the below “Condition” element to “sms-voice:*” on all for resources. But Pinpoint SMS Voice has no service-specific context keys that can be used in the Condition element of policy statements.
- Actions, resources, and condition keys for Amazon Pinpoint SMS and Voice Service - Condition keys for Amazon Pinpoint SMS and Voice Service - https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonpinpointsmsandvoiceservice.html#amazonpinpointsmsandvoiceservice-policy-keys
Remove the below part in Role policy:
"Condition": {
"ArnLike": {
"aws:SourceArn": "arn:aws:sms-voice:*:364344555118:*"
},
"StringEquals": {
"aws:SourceAccount": "364344555118"
}
}
Upon removing the above “Condition” element in the policy, the IAM identity will be able to access the pinpoint resources. Thus, I request you to remove the above “Condition” element in your role policy and check if it works for you as well.
Relevant content
- asked 2 years ago
- AWS OFFICIALUpdated a month ago
- AWS OFFICIALUpdated 2 months ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 2 years ago
Thank you. That worked. It was this article that confused me into thinking I needed that Condition: https://docs.aws.amazon.com/pinpoint/latest/developerguide/security_iam_id-based-policy-examples.html (section on Administrator Access)