
I am trying to create a Datasource using the AWS Machine Learning SDK. First I upload a CSV data file to S3 storage, also through the SDK. Then I update the bucket policy for this file. Only after all that do I try to create the datasource, but I receive this error:

FAILURES (1): You don't have permission to access 's3://training-data/input/test-likes.csv'. Contact the owner of 's3://training-data/input/test-likes.csv' to get read access.

What other permissions are required?

This is my bucket policy:

{
"Version": "2012-10-17",
"Statement": [
    {
        "Sid": "AmazonML_s3:ListBucket",
        "Effect": "Allow",
        "Principal": {
            "AWS": "arn:aws:iam::831986290820:user/pavel.emsow",
            "Service": "machinelearning.amazonaws.com"
        },
        "Action": "s3:ListBucket",
        "Resource": "arn:aws:s3:::trainig-data",
        "Condition": {
            "StringLike": {
                "s3:prefix": [
                    "input/common-likes.csv*",
                    "input/test-likes.csv*"
                ]
            }
        }
    },
    {
        "Sid": "AmazonML_s3:GetObject",
        "Effect": "Allow",
        "Principal": {
            "AWS": "arn:aws:iam::831986290820:user/pavel.emsow",
            "Service": "machinelearning.amazonaws.com"
        },
        "Action": "s3:GetObject",
        "Resource": [
            "arn:aws:s3:::trainig-data/input/common-likes.csv*",
            "arn:aws:s3:::trainig-data/input/test-likes.csv*"
        ]
    }
]
}
Kisin Pavel
  • I would add the action "s3:ListBucket". If you use the web interface to add input data, it can modify the policy for you. That at least lets you see what it has done, so you can back-track and do it the proper way! – Doug Gibbons Dec 09 '16 at 22:45
  • "s3:ListBucket" already exists. This is the first statement in the array. – Kisin Pavel Dec 10 '16 at 06:41

1 Answer


I ran into this error when trying to create an ML model from an S3 datasource. In addition to my (similar) bucket policy, I had to modify the IAM role that was used when calling the machine learning API. I attached a Full-Access S3 policy to the IAM role and the call succeeded. The Full-Access policy may be too broad and it may be possible to reduce it to S3 read-only and still have the call succeed.
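An offline pre-flight check for the bucket-policy side of this error, added here as an example and not code from the question or the answer: it tests whether any Allow statement for `machinelearning.amazonaws.com` covers the bucket and object named in the failure message. The function names and the embedded policy (the question's two statements with the `Condition` block and the user principal left out) are constructed for illustration; the check ignores Deny statements, conditions, and the caller's IAM role policy that the answer discusses.

```python
import json
import re

ML_SERVICE = "machinelearning.amazonaws.com"

# Constructed sample: the two statements from the question, Condition omitted.
POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Principal": {"Service": "machinelearning.amazonaws.com"},
   "Action": "s3:ListBucket", "Resource": "arn:aws:s3:::trainig-data"},
  {"Effect": "Allow", "Principal": {"Service": "machinelearning.amazonaws.com"},
   "Action": "s3:GetObject",
   "Resource": ["arn:aws:s3:::trainig-data/input/test-likes.csv*"]}
]}
""")


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _matches(pattern, value):
    # IAM wildcards: '*' is any run of characters, '?' is exactly one character.
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, value) is not None


def _allows(policy, action, arn, service=ML_SERVICE):
    for stmt in _as_list(policy.get("Statement", [])):
        principal = stmt.get("Principal", {})
        services = _as_list(principal.get("Service", [])) if isinstance(principal, dict) else []
        if (stmt.get("Effect") == "Allow"
                and (principal == "*" or service in services)
                and any(_matches(a, action) for a in _as_list(stmt.get("Action", [])))
                and any(_matches(r, arn) for r in _as_list(stmt.get("Resource", [])))):
            return True
    return False


def missing_grants(policy, s3_uri):
    """Return the (action, arn) pairs that no Allow statement for Amazon ML covers."""
    bucket, _, key = s3_uri[len("s3://"):].partition("/")
    needed = [("s3:ListBucket", f"arn:aws:s3:::{bucket}"),
              ("s3:GetObject", f"arn:aws:s3:::{bucket}/{key}")]
    return [(action, arn) for action, arn in needed if not _allows(policy, action, arn)]
```

Called with the path from the error message, `s3://training-data/input/test-likes.csv`, it returns both grants as missing, because the policy's resource ARNs name the bucket `trainig-data` while the error names `training-data`.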