1 Answer
4
Assuming your data access policy is configured properly, make sure your Lambda function's execution role has `aoss:APIAccessAll` permissions applied for data-plane access; see Using data-plane policies.
answered 10 months ago
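An added example, not part of the original answer and not AWS's own code: a simplified offline check of the two layers the answer names, the execution role's IAM policy and the collection's data access policy. The ARN, index name and policy documents are constructed placeholders, and the matcher ignores Deny statements, conditions and IAM `Resource` scoping.

```python
import fnmatch

# Constructed sample inputs: placeholder account ID, role and index names.
ROLE_ARN = "arn:aws:iam::111122223333:role/example-lambda-exec-role"
IAM_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "aoss:APIAccessAll", "Resource": "*"}]}
DATA_ACCESS_POLICY = [{
    "Rules": [{"ResourceType": "index",
               "Resource": ["index/my-data-collection-dev/*"],
               "Permission": ["aoss:ReadDocument", "aoss:WriteDocument"]}],
    "Principal": ["arn:aws:iam::111122223333:user/dev"]}]

def _as_list(value):
    return value if isinstance(value, list) else [value]

def iam_allows_data_plane(policy):
    """True if any Allow statement's Action matches aoss:APIAccessAll."""
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        # IAM action names are case-insensitive and may contain wildcards.
        if any(fnmatch.fnmatchcase("aoss:apiaccessall", a.lower())
               for a in _as_list(stmt.get("Action", []))):
            return True
    return False

def principal_granted(data_policy, role_arn, resource, permission):
    """True if role_arn is a Principal of an entry whose index rule covers the request."""
    for entry in data_policy:
        if role_arn not in entry.get("Principal", []):
            continue
        for rule in entry.get("Rules", []):
            if (rule.get("ResourceType") == "index"
                    and any(fnmatch.fnmatchcase(resource, r) for r in rule["Resource"])
                    and any(fnmatch.fnmatchcase(permission, p) for p in rule["Permission"])):
                return True
    return False

def diagnose(iam_policy, data_policy, role_arn, resource, permission):
    """List which of the two layers would still produce a 403."""
    findings = []
    if not iam_allows_data_plane(iam_policy):
        findings.append("IAM: execution role lacks aoss:APIAccessAll")
    if not principal_granted(data_policy, role_arn, resource, permission):
        findings.append("Data access policy: role is not a Principal for this index/permission")
    return findings

if __name__ == "__main__":
    print(diagnose(IAM_POLICY, DATA_ACCESS_POLICY, ROLE_ARN,
                   "index/my-data-collection-dev/docs", "aoss:WriteDocument"))
```

With the sample inputs the IAM layer passes and the data access policy layer is reported, because only the IAM user is listed as a principal.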
I have added those into my IAM but still getting a 403 error.
Here's a snippet of my data access policy:

```hcl
policy = jsonencode([
  {
    "Rules" : [
      {
        "ResourceType" : "index",
        "Resource" : ["index/my-data-collection-${var.stage}/*"],
        "Permission" : [
          "aoss:CreateIndex",
          "aoss:ReadDocument",
          "aoss:UpdateIndex",
          "aoss:WriteDocument",
          "aoss:*"
        ]
      }
    ],
    # Only the IAM user is listed as a principal in this snippet.
    "Principal" : ["arn:${partition}:iam::${account_id}:user/${stage}"]
  }
])
```
And a snippet of my IAM: `iamRoleStatements:
Is that the full data access policy? If so, you will need to add the ARN of the Lambda function's execution role to the `Principal` element. For example