Faceliveness Back-End Access Denied

0

Hi Guys,

I was trying to replicate the face liveness request to create a liveness session. I followed the code given in the documentation and set the appropriate permissions in IAM, but I still get an AccessDenied error/exception.

If someone here has created the same back-end, I hope you can help me. Thank you in advance.

6 Answers
1

@Riku, I tried both permissions but still get the same error. Here is my IAM: [image]

I'm not sure if those two policies are in conflict or if something is missing.

JP
answered 9 months ago
0

Hello.
Would it be possible for you to share the error message and the IAM policy and code you are using?

EXPERT
answered 9 months ago
  • Thank you for sharing. I created and executed a Lambda in the same way in my environment and the situation was reproduced. The following policy with full access was able to run, so something may be missing in the policy.

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "VisualEditor0",
                "Effect": "Allow",
                "Action": [
                    "rekognition:*"
                ],
                "Resource": "*"
            }
        ]
    }
    
  • "StartFaceLivenessSession" was required in the IAM policy. Reading the "CreateFaceLivenessSession" document, it seems that it is supposed to start streaming Face Liveness video, so I think this permission is required. https://docs.aws.amazon.com/rekognition/latest/APIReference/API_CreateFaceLivenessSession.html The error message was not very user friendly and was hard to understand...

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "VisualEditor0",
                "Effect": "Allow",
                "Action": [
                    "rekognition:StartFaceLivenessSession",
                    "rekognition:CreateFaceLivenessSession",
                    "rekognition:GetFaceLivenessSessionResults"
                ],
                "Resource": "*"
            }
        ]
    }
    
  • It is odd that it fails even with full access. Can you confirm that the IAM role associated with Lambda is correct? I am able to run it in my environment.
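
A local check for the gap identified in the comments above, as an added example that is not part of the original thread: it reports which of the three Face Liveness actions a policy document fails to allow. The helper names are hypothetical, and the evaluation is a simplification that looks only at Effect and Action.

```python
import fnmatch

# The three actions in the working policy from the comment above.
LIVENESS_ACTIONS = [
    "rekognition:CreateFaceLivenessSession",
    "rekognition:StartFaceLivenessSession",
    "rekognition:GetFaceLivenessSessionResults",
]

def _as_list(value):
    # IAM accepts either a single string/object or a list.
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def _matches(statement, effect, action):
    # Action names are case-insensitive and may use * and ? wildcards.
    if statement.get("Effect") != effect:
        return False
    return any(fnmatch.fnmatchcase(action.lower(), pattern.lower())
               for pattern in _as_list(statement.get("Action")))

def missing_liveness_actions(policy):
    """Return the Face Liveness actions a policy document does not allow.

    Simplification: only Effect and Action are evaluated. Resource, Condition,
    NotAction, permission boundaries and SCPs are ignored.
    """
    statements = _as_list(policy.get("Statement"))
    missing = []
    for action in LIVENESS_ACTIONS:
        allowed = any(_matches(s, "Allow", action) for s in statements)
        denied = any(_matches(s, "Deny", action) for s in statements)
        if denied or not allowed:  # an explicit Deny always wins
            missing.append(action)
    return missing

def _policy(*actions, effect="Allow"):
    return {"Version": "2012-10-17",
            "Statement": [{"Effect": effect, "Action": list(actions), "Resource": "*"}]}

# Policy documents from the thread (Sid omitted).
ASKER_POLICY = _policy("rekognition:CreateFaceLivenessSession",
                       "rekognition:GetFaceLivenessSessionResults")
FIXED_POLICY = _policy(*LIVENESS_ACTIONS)
FULL_ACCESS_POLICY = _policy("rekognition:*")

if __name__ == "__main__":
    for name, doc in [("asker", ASKER_POLICY), ("fixed", FIXED_POLICY), ("full", FULL_ACCESS_POLICY)]:
        print(name, "missing:", missing_liveness_actions(doc) or "none")
```

A clean result here only covers the identity policy text; it says nothing about which role the Lambda function actually assumes.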

0

Hmm..., the role is attached correctly. At this point I can't think of anything missing. Btw, thank you for your help.

Lambda IAM Role

JP
answered 9 months ago
  • Did you solve this? Same problem, even though I have done everything like the official doc said.

0

Thank you for the response @Riku. Please see below the error message returned by the Lambda function that I'm calling to get the liveness session.

{"errorMessage": "An error occurred (AccessDeniedException) when calling the CreateFaceLivenessSession operation: ", "errorType": "AccessDeniedException", "requestId": "7aad255e-ba03-4d42-acee-ecefaf85da36", "stackTrace": ["  File \"/var/task/lambda_function.py\", line 18, in lambda_handler\n    'sessionId': create_session()\n", "  File \"/var/task/lambda_function.py\", line 6, in create_session\n    response = client.create_face_liveness_session()\n", "  File \"/var/task/botocore/client.py\", line 535, in _api_call\n    return self._make_api_call(operation_name, kwargs)\n", "  File \"/var/task/botocore/client.py\", line 980, in _make_api_call\n    raise error_class(parsed_response, operation_name)\n"]}

Also, here is the IAM policy that the Lambda is using.

{
	"Version": "2012-10-17",
	"Statement": [
		{
			"Sid": "VisualEditor0",
			"Effect": "Allow",
			"Action": [
				"rekognition:CreateFaceLivenessSession",
				"rekognition:GetFaceLivenessSessionResults"
			],
			"Resource": "*"
		}
	]
}

The code that I'm using came from the docs, "Calling the Face Liveness APIs": https://docs.aws.amazon.com/rekognition/latest/dg/face-liveness-calling-apis.html

import boto3

client = boto3.client('rekognition')

def create_session():
    response = client.create_face_liveness_session()
    session_id = response.get("SessionId")

    return session_id

def lambda_handler(event, context):
    return {
        'statusCode': 200,
        'sessionId': create_session()
    }

I can't figure out why it throws an Access Denied exception even though I set the IAM policy the way the documentation shows.

JP
answered 9 months ago
0

Same problem. Did anyone solve this? I did everything the same way the official AWS documentation said.

Suhe
answered 2 months ago
0

I'm also having an AccessDeniedException when using CreateFaceLivenessSessionCommand with JavaScript v3. My IAM role already has all actions and resources of Rekognition. I can use the ListFacesCommand, IndexFacesCommand and SearchFacesByImageCommand because my role has all of Rekognition, but when calling the CreateFaceLivenessSessionCommand it shows AccessDeniedException. What seems to be the problem?

AJ
answered 18 days ago
