I am trying to create a very simple Data Pipeline to simply run an AWS CLI command within an EC2 resource. I get these errors in the pipeline..
Object:Ec2Instance
ERROR: Please add following permissions to the role ('DataPipeline_FullAccess') for uploading logs to s3: s3:Put*
WARNING: Error occurred while validating resourceRole 'EC2_DataPipeline_FullAccess'. Need iam:ListRolePolicies and iam:GetRolePolicy to validate. Error: User: arn:aws:sts::407737248259:assumed-role/DataPipeline_FullAccess/EDPSession is not authorized to perform: iam:ListRolePolicies on resource: role EC2_DataPipeline_FullAccess (Service: AmazonIdentityManagement; Status Code: 403; Error Code: AccessDenied; Request ID: ffb0d91c-e693-49d5-bad7-7bdbff283c66; Proxy: null)
I have added S3 full access to the DataPipeline_FullAccess role.
I have added IAM full access to both the DataPipeline_FullAccess and EC2_DataPipeline_FullAccess, it was unclear which really needed it.
I have reviewed this...
https://docs.aws.amazon.com/datapipeline/latest/DeveloperGuide/dp-iam-roles.html
still did not work. fyi, you all have an invalid permission here... "elasticmapreduce:GetCluster",
I also tried to use the default AWSDataPipelineRole role, which I am seeing now is no longer valid.
Help, I have been working on this for 3 hours now trying everything.