By using AWS re:Post, you agree to the AWS re:Post Terms of Use

second IAM account throwing RequestError when connecting to MTurk sandbox

0

I am working on two separate projects, so I created two IAM users from the same root account. Both of them have the “AmazonMechanicalTurkFullAccess” permission and API keys. However, the first IAM user can access the sandbox properly using boto3, but the second one I created cannot. When I attempt to access the sandbox with the second IAM user's keys, I get this error: "RequestError: An error occurred (RequestError) when calling the GetAccountBalance operation: To use the MTurk API, you will need an Amazon Web Services (AWS) Account. Your AWS account must be linked to your Amazon Mechanical Turk Account. Visit https://requestersandbox.mturk.com/developer to get started." However, my AWS root account is already linked to my Amazon Mechanical Turk account in the Sandbox. I'm not sure what else I can do to give the second IAM account Mechanical Turk access.

1 Answer
1

Hello,

Given the situation where one IAM user is able to access the Amazon Mechanical Turk (MTurk) sandbox successfully while the other encounters an error, it suggests that the issue might not be with the AWS account linkage to MTurk itself (since one user is working fine) but possibly with the way permissions are set up or inherited for the second IAM user, or a peculiarity in the MTurk service's recognition of IAM user credentials.

  • Firstly, I would recommend to verify that the second IAM user truly has the same permissions as the first. It's possible that a step might have been missed or a permission may not have been applied correctly.
  • Secondly, you should ensure there are no policy statements that explicitly deny access to the MTurk operations for the second IAM user.
  • Thirdly, If you accidentally use the wrong access key ID or secret access key, or if there was a mistake when configuring them in your application or development environment, your requests will not be authenticated correctly.
  • Lastly, for your second account, it's recommended to delete the existing access key, generate a new one, and then configure this new key within your application or development environment.
profile picture
EXPERT
answered 9 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions