IAM role ARN value is invalid or does not include the required permissions for: AWS_ROLE_INTEGRATION ???

Question

I'm trying to associate a role with an Aurora DB instance, and I'm getting the error
`IAM role ARN value is invalid or does not include the required permissions for: AWS_ROLE_INTEGRATION`

I can't find an reference to AWS_ROLE_INTEGRATION in the documentation, and the single Google result referring to this "AWS_ROLE_INTEGRATION" leads to a user asking the same question but never getting a response.

Answer

Did the role you create have the required policy as described in the following links?

https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraMySQL.Integrating.Authorizing.IAM.S3CreatePolicy.html

https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraMySQL.Integrating.Authorizing.IAM.LambdaCreatePolicy.html

https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraMySQL.Integrating.Authorizing.IAM.CWCreatePolicy.html

https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraMySQL.Integrating.Authorizing.IAM.KMSCreatePolicy.html

These might also help: 
https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraMySQL.Integrating.Authorizing.IAM.CreateRole.html
https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraMySQL.Integrating.Authorizing.IAM.AddRoleToDBCluster.html

Answer

YMMV, but the problem for me was that the "aws:SourceArn" condition on my role's trust policy was set to the wrong ARN. Setting it to the ARN of the resource that needed to assume the role fixed it.

IAM role ARN value is invalid or does not include the required permissions for: AWS_ROLE_INTEGRATION ???

相關內容