Problem to set event destination of Amazon SES using Kinesis Firehose

Question

I created the role needed to connect the services but i'm getting these two errors:

* Could not access Kinesis Firehose Stream using IAM role
* Could not assume IAM role

Permission Policy:
```
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "",
            "Effect": "Allow",
            "Action": [
                "*"
            ],
            "Resource": [
                 "arn:aws:firehose:delivery-region:111122223333:deliverystream/delivery-stream-name"
            ]
        }
    ]
}
```

Trust Policy:
```
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
        "Service": "ses.amazonaws.com"
      },
      "Action": "sts:AssumeRole",
      "Condition": {
        "StringEquals": {
          "AWS:SourceAccount": "111122223333",
          "AWS:SourceArn": "arn:aws:ses:delivery-region:111122223333:configuration-set/configuration-set-name"
        }
      }
    }
  ]
}
```

Link that i used to guide me:

* https://docs.aws.amazon.com/ses/latest/dg/event-publishing-add-event-destination-firehose.html#event-publishing-add-event-destination-firehose-role

Can someone help me ?

Answer

I know this may sound stupid and you should not share your account id or resources names here, but have you actually changed the placeholders that are in the policy ?

![Enter image description here](/media/postImages/original/IMxC-ofhzvRjieiOth9Yw7pg)
![Enter image description here](/media/postImages/original/IMrEBXAsSJSDKGobOZA7TaFw)

If you did, have you checked if it is correct ?

The trust policy defines "who" can assume the role, attaching a role to a resource just tells it must assume that role.

If this does not solve your problem or still have any question please let me know.

Problem to set event destination of Amazon SES using Kinesis Firehose

Relevant content