I am trying to create an EntitiesDetectionV2JobRequest in C# and I can't find a DataAccessRoleARN that works.

The code I am using right now is:

```csharp
StartEntitiesDetectionV2JobRequest request = new StartEntitiesDetectionV2JobRequest()
{
    InputDataConfig = input,
    JobName = "firstjobincsharp",
    LanguageCode = "en",
    OutputDataConfig = output,
    DataAccessRoleArn = "arn:aws:iam::556071315067:role/PassRole"
};
```

And I am getting this error:

Failed to create job due to the provided IAM role doesn't trust Comprehend Medical service principal. Role Arn: arn:aws:iam::556071315067:role/PassRole
  • What kind of trust relationship does `PassRole` have? – luk2302 Dec 29 '20 at 19:08
  • See e.g. https://docs.aws.amazon.com/comprehend/latest/dg/access-control-managing-permissions-med.html => *Role-based Permissions required for batch operations* – luk2302 Dec 29 '20 at 19:10
  • This is the trust relationship: { "Version": "2012-10-17", "Statement": [ { "Sid": "", "Effect": "Allow", "Principal": { "Service": "comprehend.amazonaws.com" }, "Action": "sts:AssumeRole" } ] } – Vlada Misici Dec 29 '20 at 19:16
  • Should probably be `"comprehendmedical.amazonaws.com"` instead. – luk2302 Dec 29 '20 at 19:19
  • UPDATE: I changed comprehend.amazonaws.com to comprehendmedical.amazonaws.com and now I get this error: Access Denied (Service: Amazon S3; Status Code: 403; Error Code: AccessDenied; Request ID: 91A230D30DFFBEA7; S3 Extended Request ID: aX5uHCQkgGObVsNthPABHx7T2pMYBLWw282wLFfE6mPaUbItkkreGILGcL4TT0BG4zn4WNYAy1w=; Proxy: null) – Vlada Misici Dec 29 '20 at 19:21
  • Probably PassRole does not have the permissions it needs to have, e.g. S3 access, as listed in the link. – luk2302 Dec 29 '20 at 19:22
  • I tried to add access to S3 using this service: "s3.amazonaws.com", but I get the same error (403 access denied). – Vlada Misici Dec 29 '20 at 19:30
  • You need to fundamentally understand how IAM works, the linked page lists a lot of permissions that are needed. If you do not understand how to connect them, how they interact, etc. I cannot help you, AWS IAM *is* complex, and there is no way around understanding it. – luk2302 Dec 29 '20 at 19:31
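
The two errors in this thread come from two different policy documents on the role: the trust policy (who may assume it) and the permissions policy (what it may do once assumed). The following is an added example, not code from the original post or from AWS: an offline check of both documents. The bucket names `in-bkt` and `out-bkt` and the sample policies are constructed, and the three S3 actions are assumed to be the ones the linked AWS page lists for batch operations.

```python
SERVICE = "comprehendmedical.amazonaws.com"  # principal suggested in the comments

def as_list(v):
    return v if isinstance(v, list) else [v]

def trusted_services(trust):
    """Service principals the trust policy lets call sts:AssumeRole."""
    found = set()
    for st in as_list(trust.get("Statement", [])):
        principal = st.get("Principal", {})
        if (st.get("Effect") == "Allow" and isinstance(principal, dict)
                and "sts:AssumeRole" in as_list(st.get("Action", []))):
            found.update(as_list(principal.get("Service", [])))
    return found

def allows(perms, action, resource):
    """Literal match only: wildcards other than a bare '*' or 's3:*' are not expanded."""
    for st in as_list(perms.get("Statement", [])):
        acts, ress = as_list(st.get("Action", [])), as_list(st.get("Resource", []))
        if (st.get("Effect") == "Allow" and {action, "s3:*", "*"} & set(acts)
                and {resource, "*"} & set(ress)):
            return True
    return False

def check_role(trust, perms, in_bucket, out_bucket):
    """Return a list of problems; an empty list means both documents pass."""
    problems = []
    if SERVICE not in trusted_services(trust):
        problems.append("trust: " + SERVICE + " cannot assume the role")
    for action, res in [("s3:GetObject", f"arn:aws:s3:::{in_bucket}/*"),
                        ("s3:ListBucket", f"arn:aws:s3:::{in_bucket}"),
                        ("s3:PutObject", f"arn:aws:s3:::{out_bucket}/*")]:
        if not allows(perms, action, res):
            problems.append(f"permissions: no Allow for {action} on {res}")
    return problems

# Constructed sample: a trust policy naming both service principals mentioned in the
# thread, checked first with no permissions policy and then with S3 permissions.
TRUST = {"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
    "Principal": {"Service": ["comprehendmedical.amazonaws.com", "s3.amazonaws.com"]},
    "Action": "sts:AssumeRole"}]}
PERMS = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:GetObject"], "Resource": "arn:aws:s3:::in-bkt/*"},
    {"Effect": "Allow", "Action": ["s3:ListBucket"], "Resource": "arn:aws:s3:::in-bkt"},
    {"Effect": "Allow", "Action": ["s3:PutObject"], "Resource": "arn:aws:s3:::out-bkt/*"}]}

if __name__ == "__main__":
    print(check_role(TRUST, {"Statement": []}, "in-bkt", "out-bkt"))
    print(check_role(TRUST, PERMS, "in-bkt", "out-bkt"))
```

Listing `s3.amazonaws.com` as a trusted principal only lets the S3 service assume the role; it grants the role no S3 permissions, which is why the first call still reports three findings.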
