Unable to create role in aws with the json provided by atlas data lake

kgaddam0212 · August 27, 2019, 7:58pm

Hi Matt,

when I tried to create policy using below JSON from atlas, I am getting error when I click review policy “This policy contains the following error: Has prohibited field Principal For more information about the IAM policy grammar, see AWS IAM Policies”
{
“Version”: “2012-10-17”,
“Statement”: [
{
“Effect”: “Allow”,
“Principal”: {
“AWS”: “arn:aws:iam::962727799805:user/atlas-data-lake”
},
“Action”: “sts:AssumeRole”,
“Condition”: {
“StringEquals”: {
“sts:ExternalId”: “0cc954f8-3d27-4304-a78c-c8dfabf5d071”
}
}
}
]
}

Thanks
Karun Gaddam

mattjavaly · August 28, 2019, 5:54pm

Hello kgaddam0212,

Thanks for the note. Just to confirm, are you using the following command:

aws iam create-role \
  --role-name mdb-dl-role \
  --assume-role-policy-document file://dl-role-trust.json

The file dl-role-trust.json should contain the JSON you posted above.

Let me know if this helps.

Matt

kgaddam0212 · August 29, 2019, 1:48am

Hi Matt,

I created role and policy from console. Data lake created successfully. I am trying to connect. what is username and password?

Thanks

kgaddam0212 · August 29, 2019, 1:37pm

Never mind. I used atlas admin user credentials to access the data and it worked.

Thanks

mattjavaly · August 29, 2019, 3:20pm

Hello kgaddam0212,

Glad to hear you solved it!! Hopefully this thread can help other students in the future.

Matt