Unable to create role in AWS with the JSON provided by Atlas Data Lake

Hi Matt,

When I tried to create a policy using the JSON below from Atlas, I am getting an error when I click Review policy: "This policy contains the following error: Has prohibited field Principal. For more information about the IAM policy grammar, see AWS IAM Policies."

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::962727799805:user/atlas-data-lake"
      },
      "Action": "sts:AssumeRole",
      "Condition": {
        "StringEquals": {
          "sts:ExternalId": "0cc954f8-3d27-4304-a78c-c8dfabf5d071"
        }
      }
    }
  ]
}

Thanks
Karun Gaddam

Hello kgaddam0212,

Thanks for the note. Just to confirm, are you using the following command:

aws iam create-role \
  --role-name mdb-dl-role \
  --assume-role-policy-document file://dl-role-trust.json

The file dl-role-trust.json should contain the JSON you posted above.

Let me know if this helps.

Matt
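The JSON in this thread is a role trust policy, which is why the identity-based policy editor rejects its Principal field while create-role accepts it. The check below is an added example, not part of the original posts or of Atlas or AWS tooling; it sorts a document into trust or permissions policy and flags a trust statement that lacks the sts:ExternalId condition. The names classify_policy and ACCEPTED_BY and the S3 sample policy are assumptions made for illustration.

```python
import json

# Trust policy exactly as posted in the thread.
TRUST_POLICY = """{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::962727799805:user/atlas-data-lake"},
    "Action": "sts:AssumeRole",
    "Condition": {"StringEquals":
      {"sts:ExternalId": "0cc954f8-3d27-4304-a78c-c8dfabf5d071"}}
  }]
}"""

# Constructed sample: an identity-based permissions policy (placeholder bucket).
PERMISSIONS_POLICY = """{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": ["s3:GetObject", "s3:ListBucket"],
    "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"]
  }]
}"""

# Which AWS CLI option accepts each kind of document.
ACCEPTED_BY = {
    "trust": "aws iam create-role --assume-role-policy-document",
    "permissions": "aws iam create-policy --policy-document",
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def classify_policy(text):
    """Return (kind, findings) for a policy document given as JSON text."""
    statements = _as_list(json.loads(text).get("Statement", []))
    if not any("Principal" in s or "NotPrincipal" in s for s in statements):
        return "permissions", []
    findings = []
    for i, s in enumerate(statements):
        if "Resource" in s:
            findings.append(f"statement {i}: Resource is prohibited in a trust policy")
        principal = s.get("Principal")
        aws = principal.get("AWS") if isinstance(principal, dict) else principal
        if "*" in _as_list(aws):
            findings.append(f"statement {i}: wildcard principal")
        actions = [a.lower() for a in _as_list(s.get("Action", []))]
        external_id = s.get("Condition", {}).get("StringEquals", {}).get("sts:ExternalId")
        if s.get("Effect") == "Allow" and "sts:assumerole" in actions and not external_id:
            findings.append(f"statement {i}: sts:AssumeRole without sts:ExternalId")
    return "trust", findings
```

ACCEPTED_BY[kind] gives the CLI option that takes the document; in the console, a trust policy goes on the role's trust relationship rather than in the policy editor.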

Hi Matt,

I created the role and policy from the console. The data lake was created successfully. I am trying to connect. What is the username and password?

Thanks

Never mind. I used Atlas admin user credentials to access the data and it worked.

Thanks

Hello kgaddam0212,

Glad to hear you solved it!! Hopefully this thread can help other students in the future.

Matt