I have created a new Athena account which is required for demo purposes. When trying to configure the Athena connector and assign the Lmbda function I get the following error.
We cannot update the IAM Role. The reason could be one or more from the following:
- The role does not explicitly trust QuickSight service principal.
- Following policies are either not attached to the QuickSight role or attached to more than one:
- arn:aws:iam::819603067923:policy/service-role/AWSQuickSightLambdaPolicy
- Make sure the credentials youâre using have following permissions:
- iam:CreateRole, iam:CreatePolicy, iam:AttachRolePolicy, iam:CreatePolicyVersion, iam:DeletePolicyVersion, iam:ListAttachedRolePolicies, iam:GetRole, iam:GetPolicy, iam:DetachRolePolicy, iam:GetPolicyVersion and iam:ListPolicyVersions
My user has the required iam permissions
{
âVersionâ: â2012-10-17â,
âStatementâ: [
{
âSidâ: âVisualEditor0â,
âEffectâ: âAllowâ,
âActionâ: [
âiam:GetRoleâ,
âiam:DetachRolePolicyâ,
âiam:DeleteRoleâ,
âiam:AttachRolePolicyâ,
âiam:CreateRoleâ
],
âResourceâ: [
â"
]
},
{
âSidâ: âVisualEditor1â,
âEffectâ: âAllowâ,
âActionâ: [
âiam:ListPoliciesâ,
âiam:GetPolicyVersionâ,
âiam:GetRoleâ,
âiam:GetPolicyâ,
âiam:ListPolicyVersionsâ,
âiam:ListAttachedRolePoliciesâ,
âiam:GenerateServiceLastAccessedDetailsâ,
âiam:ListEntitiesForPolicyâ,
âiam:ListPoliciesGrantingServiceAccessâ,
âiam:ListRolesâ,
âiam:GetServiceLastAccessedDetailsâ,
âiam:ListAccountAliasesâ,
âiam:ListRolePoliciesâ,
âs3:ListAllMyBucketsâ
],
âResourceâ: "â
},
{
âSidâ: âVisualEditor2â,
âEffectâ: âAllowâ,
âActionâ: [
âiam:DeletePolicyâ,
âiam:CreatePolicyâ,
âiam:CreatePolicyVersionâ,
âiam:DeletePolicyVersionâ
],
âResourceâ: [
â*â
]
}
]
}
and the aws-quicksight-service-role-v0 role has the following policies attached
AWSQuickSightIAMPolicy
AWSQuickSightLambdaPolicy
Any ideas on what I am doing wrong?
Thanks,
Heath