Question
We are creating a Snowflake data pipe in AWS using the Customer's AWS account. However, a validation issue prevents the Snowflake adapter from being enabled.
Caused by: com.amazonaws.services.securitytoken.model.AWSSecurityTokenServiceException: User: arn:aws:sts::<Reltio AWS Account>:assumed-role/dph-assumerole-dev-<tenant ID>/reltio-s3-session is not authorized to perform: sts:AssumeRole on resource: arn:aws:iam::<customer AWS Account>:role/<AWS IAM Role for S3 storage>/ (Service: AWSSecurityTokenService; Status Code: 403; Error Code: AccessDenied; Request ID: 53b7e2ee-f33d-4471-bad2-1f63bfc58f3c; Proxy: null)
Answer
Remove the conditions from the policy and simplify the process. A policy without conditions looks like this:
{
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": "sts:AssumeRole",
            "Resource": "arn:aws:iam::<customer AWS account>:role/<Customer IAM Role for S3>"
        }
    ]
}
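To see which part of a policy stands between the caller and sts:AssumeRole before editing it, the policy JSON can be checked offline. The script below is an added example, not Reltio or AWS code: the function name, the account ID 111122223333, the role name and the ExternalId value are constructed, and the matching is a simplification (it ignores explicit Deny statements and the role's trust policy). It also flags a requested role ARN that ends in "/", as the resource in the error message above does.

```python
import json
from fnmatch import fnmatchcase

def _as_list(value):
    return value if isinstance(value, list) else [value]

def assume_role_findings(policy_json, target_role_arn):
    """Return reasons the policy does not plainly allow sts:AssumeRole on the
    target role. An empty list means an unconditioned Allow statement matches."""
    findings = []
    for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
        # IAM action names are case-insensitive and may contain wildcards.
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        if stmt.get("Effect") != "Allow" or not any(
                fnmatchcase("sts:assumerole", a) for a in actions):
            continue
        sid = stmt.get("Sid", "<no Sid>")
        resources = _as_list(stmt.get("Resource", []))
        conditions = stmt.get("Condition", {})
        if any(fnmatchcase(target_role_arn, r) for r in resources):
            if not conditions:
                return []  # plain Allow: nothing in this policy blocks the call
            for operator, keys in conditions.items():
                findings.append(f"{sid}: condition {operator} on {sorted(keys)} must hold")
        elif any(fnmatchcase(target_role_arn.rstrip("/"), r) for r in resources):
            findings.append(f"{sid}: requested ARN has a trailing '/' the policy Resource lacks")
        else:
            findings.append(f"{sid}: Resource does not cover {target_role_arn}")
    return findings or ["no Allow statement for sts:AssumeRole"]

# Constructed sample data: account ID, role name and ExternalId are placeholders.
ROLE = "arn:aws:iam::111122223333:role/example-s3-role"
STATEMENT = {"Sid": "VisualEditor0", "Effect": "Allow",
             "Action": "sts:AssumeRole", "Resource": ROLE}
SIMPLE = json.dumps({"Statement": [STATEMENT]})
CONDITIONED = json.dumps({"Statement": [dict(
    STATEMENT, Condition={"StringEquals": {"sts:ExternalId": "constructed-id"}})]})

if __name__ == "__main__":
    for label, policy, arn in [("simplified", SIMPLE, ROLE),
                               ("with condition", CONDITIONED, ROLE),
                               ("trailing slash", SIMPLE, ROLE + "/")]:
        print(label, "->", assume_role_findings(policy, arn) or "allowed")
```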