Comment on page

UP20030 No permissions to assumeRole

The error you see is of the kind:
No permissions to perform sts:AssumeRole on the given role,
please check that the given role has the wanted trusted entity (check documentation)
and that the external id matches the condition in the role.
Original Message:
User: arn:aws:sts::428641199958:assumed-role/upsolver-api/i-0c31b9143ea9ce8cb
is not authorized to perform: sts:AssumeRole on
resource: arn:aws:iam::XXXXXX:user/you (Service: AWSSecurityTokenService;
Status Code: 403; Error Code: AccessDenied;
Request ID: XXXXXX-ac95-4cff-bca7-e3b60e6c8174; Proxy: null)

Possible Causes

  • The error happens when there is an attempt to connect an S3 location managed by another AWS account, other than the one running SQLake.
  • You created an AWS_ROLE to access your bucket. However, the role running where you run SQLake doesn't have permission to assume your new role and access the location.

Possible Solutions

  • If you run on the SQLake cloud, follow the guide:
  • If you run on a private VPC, contact your system administrator. Follow the above guide but configure the trust policy to allow where the VPC is installed to assume the role created to access your bucket.