Data Pipeline and IAM errors


I am trying to create a very simple Data Pipeline to simply run an AWS CLI command within an EC2 resource. I get these errors in the pipeline..

ERROR: Please add following permissions to the role ('DataPipeline_FullAccess') for uploading logs to s3: s3:Put*
WARNING: Error occurred while validating resourceRole 'EC2_DataPipeline_FullAccess'. Need iam:ListRolePolicies and iam:GetRolePolicy to validate. Error: User: arn:aws:sts::407737248259:assumed-role/DataPipeline_FullAccess/EDPSession is not authorized to perform: iam:ListRolePolicies on resource: role EC2_DataPipeline_FullAccess (Service: AmazonIdentityManagement; Status Code: 403; Error Code: AccessDenied; Request ID: ffb0d91c-e693-49d5-bad7-7bdbff283c66; Proxy: null)

I have added S3 full access to the DataPipeline_FullAccess role.
I have added IAM full access to both the DataPipeline_FullAccess and EC2_DataPipeline_FullAccess, it was unclear which really needed it.

I have reviewed this...
still did not work. fyi, you all have an invalid permission here... "elasticmapreduce:GetCluster",

I also tried to use the default AWSDataPipelineRole role, which I am seeing now is no longer valid.

Help, I have been working on this for 3 hours now trying everything.

asked 3 years ago559 views
1 Answer

fixed, I had a "Permissions Boundary" set on the role accidentally. Also, be sure to following the steps of Creating the Role in the console, selecting the Data Pipeline service, and then the 2 options for data pipeline and ec2. This applies a default for the role and trust relationships.

answered 3 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions