I am struggling with AWS IAM role policies. I am following a tutorial for a Lambda function that reads from an S3 bucket event when a new file is uploaded and sends it to AWS MediaConvert to convert the video file. The Lambda function is able to read from S3 in test, but it fails the job at MediaConvert.
I have set the policies on the roles and also added inline policies, but I am still unable to get it working.
Policies set for IAM ROLE
JSON for inline policy
lambda-s3-policy-inlinepolicy
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ExampleStmt",
      "Action": [
        "s3:GetObject"
      ],
      "Effect": "Allow",
      "Resource": [
        "arn:aws:s3:::aws-mybucket-01/*"
      ]
    }
  ]
}
VodLambdaRole
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "logs:CreateLogGroup",
        "logs:CreateLogStream",
        "logs:PutLogEvents"
      ],
      "Resource": "*",
      "Effect": "Allow",
      "Sid": "Logging"
    },
    {
      "Action": [
        "iam:PassRole"
      ],
      "Resource": [
        "arn:aws:iam::myAccountID:role/my-lambda-role"
      ],
      "Effect": "Allow",
      "Sid": "PassRole"
    },
    {
      "Action": [
        "mediaconvert:*"
      ],
      "Resource": [
        "*"
      ],
      "Effect": "Allow",
      "Sid": "MediaConvertService"
    },
    {
      "Effect": "Allow",
      "Action": [
        "sts:AssumeRole"
      ],
      "Resource": "arn:aws:iam::myAccountID:role/my-lambda-role"
    }
  ]
}
Make sure that the IAM Role assigned to the MediaConvert job has a Trust Policy that trusts MediaConvert:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
        "Service": "mediaconvert.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
This is normally generated automatically when you create an IAM Role in the management console and select MediaConvert as the Service.
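Added example (not part of the original answer or of any AWS tooling): an offline Python check that a role's trust policy names `mediaconvert.amazonaws.com` for `sts:AssumeRole`, and that the calling role's permissions policy grants `iam:PassRole` on that role's ARN. The role name, account ID and sample documents are constructed placeholders, and the evaluation is simplified as noted in the comments.

```python
import json
from fnmatch import fnmatchcase

def _as_list(value):
    # IAM accepts either a single value or a list for these policy elements.
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def _allows(stmt, action):
    # Allow statement whose Action (wildcards permitted) covers `action`.
    patterns = [a.lower() for a in _as_list(stmt.get("Action"))]
    return (stmt.get("Effect") == "Allow"
            and any(fnmatchcase(action.lower(), p) for p in patterns))

def trusts_service(trust_policy, service="mediaconvert.amazonaws.com"):
    """True if the role's trust policy lets `service` call sts:AssumeRole."""
    for stmt in _as_list(trust_policy.get("Statement")):
        principal = stmt.get("Principal")
        # Only an explicit Service principal counts; a bare "*" is not accepted.
        if (_allows(stmt, "sts:AssumeRole") and isinstance(principal, dict)
                and service in _as_list(principal.get("Service"))):
            return True
    return False

def allows_pass_role(permissions_policy, role_arn):
    """True if the caller's policy grants iam:PassRole on `role_arn`.
    Simplified: Deny, NotAction, NotResource and Condition are not evaluated."""
    for stmt in _as_list(permissions_policy.get("Statement")):
        resources = _as_list(stmt.get("Resource"))
        if (_allows(stmt, "iam:PassRole")
                and any(fnmatchcase(role_arn, r) for r in resources)):
            return True
    return False

# Constructed sample documents; the account ID and role name are placeholders.
JOB_ROLE_ARN = "arn:aws:iam::111122223333:role/my-mediaconvert-role"
MEDIACONVERT_TRUST = json.loads("""{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Principal": {"Service": "mediaconvert.amazonaws.com"},
   "Action": "sts:AssumeRole"}]}""")
LAMBDA_ONLY_TRUST = json.loads("""{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Principal": {"Service": "lambda.amazonaws.com"},
   "Action": "sts:AssumeRole"}]}""")
CALLER_POLICY = json.loads("""{"Version": "2012-10-17", "Statement": [
  {"Sid": "PassRole", "Effect": "Allow", "Action": ["iam:PassRole"],
   "Resource": ["arn:aws:iam::111122223333:role/my-mediaconvert-role"]}]}""")

if __name__ == "__main__":
    print(trusts_service(MEDIACONVERT_TRUST), trusts_service(LAMBDA_ONLY_TRUST))
    print(allows_pass_role(CALLER_POLICY, JOB_ROLE_ARN))
```

To run it against a real role, feed it the trust policy document returned by `aws iam get-role` in place of the constructed samples.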