UP20030 No permissions to assumeRole

The error you see is of the kind:

No permissions to perform sts:AssumeRole on the given role, 
please check that the given role has the wanted trusted entity (check documentation) 
and that the external id matches the condition in the role. 

Original Message: 
User: arn:aws:sts::428641199958:assumed-role/upsolver-api/i-0c31b9143ea9ce8cb 
is not authorized to perform: sts:AssumeRole on 
resource: arn:aws:iam::XXXXXX:user/you (Service: AWSSecurityTokenService; 
Status Code: 403; Error Code: AccessDenied; 
Request ID: XXXXXX-ac95-4cff-bca7-e3b60e6c8174; Proxy: null)

Possible Causes

The error happens when there is an attempt to connect an S3 location managed by another AWS account, other than the one running SQLake.
You created an AWS_ROLE to access your bucket. However, the role running where you run SQLake doesn't have permission to assume your new role and access the location.

Possible Solutions

If you run on the SQLake cloud, follow the guide:

pageConfigure access to Amazon S3

If you run on a private VPC, contact your system administrator. Follow the above guide but configure the trust policy to allow where the VPC is installed to assume the role created to access your bucket.

PreviousUP20020 No access to database NextUP20040 Could not DROP entity used by a job or materialized view

Last updated 11 months ago