I am trying to follow this job aid to create an API Gateway REST endpoint with an S3 integration.
https://docs.aws.amazon.com/apigateway/latest/developerguide/integrating-api-with-aws-services-s3.html
However, when I try to create my execution role in IAM, there is only one use case at the bottom for API Gateway: "Allows API Gateway to push logs to CloudWatch Logs." I am unable to attach an S3 policy to the API Gateway role. Is this documentation out of date? How do I add the execution role for S3?
First you create the role with the CloudWatch policy,
then you go to your role list in IAM and find the role you just created,
inside the role you can click on the "attach policy" button and add any policies.
cheers
As mentioned in step-3 of this blog by AWS, I have created a role to invoke a SageMaker endpoint. But, when I deploy the API to a stage, I get "AWS ARN for integration contains invalid action" and I can't deploy the stage.
The blog suggested to select API Gateway under services and to keep on Next, but didn't mention which policy will be attached, and also that another inline policy to invoke a specific SageMaker endpoint is to be created and attached.
And as mentioned in the AWS docs:
It must also have API Gateway declared (in the role's trust
relationship) as a trusted entity to assume the role.
My role also has the trust relationship:
What's missing in my role that led to the error?
Check in all your API methods that you haven't specified "Use Action Name" for any integration request, and then left the "Action" field blank. If you do, the "AWS ARN for integration contains invalid action" error message will be shown.
I am trying to sync two S3 buckets in different accounts. I have successfully configured the locations and created a task. However, when I run the task I get an "Unable to connect to S3 endpoint" error. Can anyone help?
This could have been related to the DataSync IAM role's policy (DataSync IAM role) not having permission to the target S3 bucket.
Verify your policy and trust relationship using the documentation below:
https://docs.aws.amazon.com/datasync/latest/userguide/using-identity-based-policies.html
Also turn on CloudWatch logs (as shown in the image) and view the detailed log in CloudWatch. If it is permission related, add the missing policy to the DataSync role.
So I am following this Tutorial
I have created a role and attached the AmazonDynamoDBFullAccess policy to it ...
When I assign this role to Gateway API .... like this
I keep getting this error ...
Execution failed due to configuration error: API Gateway does not have
permission to assume the provided role
Isn't the "AmazonDynamoDBFullAccess" policy that I have applied to my role "MyDynamoRole" enough to give Gateway API the necessary permissions?
Found a solution ....
Under "Role --> Trust Relationship", I have added another service i.e. API Gateway ...
"apigateway.amazonaws.com"
and all good now ...
For people that might be struggling to create a role via the console, the hack is to use EC2 or Lambda based IAM roles to create a generic role and then edit the Trust Relationships to have the service.
"apigateway.amazonaws.com"
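The trust-relationship fix from the two answers above, as an added example that is not part of the original posts: it checks whether a role's trust policy lets a service principal assume the role and produces the corrected policy document. The sample policy is constructed, the function names are hypothetical, and Deny statements, conditions and wildcard principals are not evaluated.

```python
import copy
import json

# Constructed sample: trust policy of a role created via the EC2 use case.
EC2_ONLY_TRUST = json.loads("""
{"Version": "2012-10-17",
 "Statement": [{"Effect": "Allow",
                "Principal": {"Service": "ec2.amazonaws.com"},
                "Action": "sts:AssumeRole"}]}
""")

ASSUME_ACTIONS = {"sts:assumerole", "sts:*", "*"}

def _as_list(value):
    """IAM accepts a single value or a list for Statement, Service and Action."""
    if value is None:
        return []
    return list(value) if isinstance(value, list) else [value]

def service_is_trusted(trust_policy, service):
    """True if an Allow statement names `service` as a principal for sts:AssumeRole.

    Simplification (assumption of this example): Deny statements, Condition
    blocks and wildcard principals are not evaluated.
    """
    for stmt in _as_list(trust_policy.get("Statement")):
        principal = stmt.get("Principal")
        if stmt.get("Effect") != "Allow" or not isinstance(principal, dict):
            continue
        actions = {a.lower() for a in _as_list(stmt.get("Action"))}
        if service in _as_list(principal.get("Service")) and actions & ASSUME_ACTIONS:
            return True
    return False

def add_trusted_service(trust_policy, service):
    """Return a copy of the policy that also trusts `service`; input is not modified."""
    updated = copy.deepcopy(trust_policy)
    if not service_is_trusted(updated, service):
        statements = _as_list(updated.get("Statement"))
        statements.append({"Effect": "Allow",
                           "Principal": {"Service": service},
                           "Action": "sts:AssumeRole"})
        updated["Statement"] = statements
    return updated

if __name__ == "__main__":
    fixed = add_trusted_service(EC2_ONLY_TRUST, "apigateway.amazonaws.com")
    print(json.dumps(fixed, indent=2))
```

The printed JSON is what goes into the role's Trust Relationship editor. A permissions policy such as AmazonDynamoDBFullAccess is a separate attachment and does not decide which service may assume the role.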
I'm trying to set up an Amazon API Gateway proxy which would be connected to an S3 bucket to just proxy each file/object from the bucket to the API Gateway endpoint. (I need this because I need some files to be passed through other HTTP verbs, and S3 does not allow the POST method.)
The thing is that I cannot select 'S3' as the AWS service.
Can someone provide me some guidance?
To allow the API to invoke required Amazon S3 actions, you must have appropriate IAM policies attached to an IAM role. The next section describes how to verify and to create, if necessary, the required IAM role and policies.
For your API to view or list Amazon S3 buckets and objects, you can use the IAM-provided AmazonS3ReadOnlyAccess policy in the IAM role.
Please read documentation here to know full setup
It should be under the name Simple Storage Service (S3).
I was trying to create an IAM role for an S3 bucket. I have to select a role type from a list of AWS services, but I can't find "Amazon Simple Storage Service (S3)" anywhere. Any proposed solutions?
Here is a screenshot from the page involved.