By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

AccessDeniedException when using CreateFaceLivenessSessionCommand

0

Hi, Im using the Rekognition with Javascript V3, on the IAM roles i created inline policy for all actions and resources of Rekognition.

Enter image description here

I can use the IndexFacesCommand, ListFacesCommand and SearchFacesByImageCommand but when calling the CreateFaceLivenessSessionCommand Im having an error of AccessDeniedException. what is the problem? i followed the documentation how to use Rekognition using Javascript V3.

` const rekog = new RekognitionClient({ credentials: fromIni({profile: 'default'}), region: 'ap-southeast-1' });

try {
const command = new CreateFaceLivenessSessionCommand(); const response = await rekog.send(command); console.log(response); }catch(e){ console.log(e) } `

Topics
Machine Learning & AISecurity, Identity, & Compliance
Tags
Amazon RekognitionAWS IAM Identity Center
Language
English
AJ
asked 19 days ago237 views
3 Answers
0
Accepted Answer

After a few days i figure it out, i read the documentation again and also the FAQ's. it's all because of my region. My region was on Singapore, the Face Liveness resources is available only on these regions. US East (N. Virginia), US West (Oregon), Europe (Ireland), Asia Pacific (Tokyo), and Asia Pacific (Mumbai).

https://aws.amazon.com/rekognition/face-liveness/#FAQs

AJ
answered 16 days ago
0

Hello.

Where is JavaScript running?
For example, if you are running it on a local PC, you will need to check whether the correct IAM policy is attached to the IAM user associated with the set access key.
By the way, does it work if I use the "Administratoraccess" policy?
https://docs.aws.amazon.com/aws-managed-policy/latest/reference/AdministratorAccess.html

If you look at the documentation below, S3 may be involved.
So why not try setting "S3Fullaccess" once?
https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/rekognition/command/CreateFaceLivenessSessionCommand/

You can use the OutputConfig option in the Settings parameter to provide an Amazon S3 bucket location. The Amazon S3 bucket stores reference images and audit images. If no Amazon S3 bucket is defined, raw bytes are sent instead.

profile picture
EXPERT
Riku_Kobayashi
answered 19 days ago
profile picture
EXPERT
Osvaldo Marte
reviewed 19 days ago
  • AJ
    19 days ago

    yes I'm trying it on my local using node.js i'll post the permissions of my IAM

  • Riku_Kobayashi EXPERT
    19 days ago

    Are there any errors in the CloudTrail event history? If you look at CloudTrail's event history, you may be able to see which IAM policies are missing. https://docs.aws.amazon.com/awscloudtrail/latest/userguide/view-cloudtrail-events.html

  • AJ
    19 days ago

    on the cloudtrail i saw the CreateLivenessSession event and has error code of AccessDenied even my IAM has all the permission to rekognition, there's no information about what policy was missing

0

@Riku here's my IAM role permissions, still having an error AccessDeniedException when i call the CreateFaceLivenessSessionCommand but i can call other commands from Rekognition

Enter image description here

AJ
answered 19 days ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content