I'm trying to connect to the Amazon Selling Partners API (SP-API) using the node.js library and am coming across an extremely odd error which seems to be telling me I can't assume my own role?
CustomError: User: arn:aws:iam::11111:user/bob is not authorized to perform: sts:AssumeRole on resource: arn:aws:iam::11111:user/bob
I'm fairly new to AWS but I'm pretty sure that this inline policy for the user should be sufficient for what I'm trying to do, I've even made it work for all resources rather than just the SellingPartners role I'd previously created:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": "sts:AssumeRole",
"Resource": "*"
}
]
}
Here's my full code in case it helps:
const SellingPartnerAPI = require('amazon-sp-api');
(async() => {
try {
let sellingPartner = new SellingPartnerAPI({
region:'na', // The region to use for the SP-API endpoints ("eu", "na" or "fe")
refresh_token:'xxxxxx', // The refresh token of your app user
credentials:{
SELLING_PARTNER_APP_CLIENT_ID:'xxxxx',
SELLING_PARTNER_APP_CLIENT_SECRET:'xxxxx',
AWS_ACCESS_KEY_ID:'xxxx',
AWS_SECRET_ACCESS_KEY:'xxxxx',
AWS_SELLING_PARTNER_ROLE:'arn:aws:iam::11111:user/bob'
}
});
let res = await sellingPartner.callAPI({
operation:'getOrders',
endpoint:'orders'
});
console.log(res);
} catch(e) {
console.log(e);
}
})();
The ARN arn:aws:iam::11111:user/bob describes a User not a role.
It should probably be something like arn:aws:iam::11111:role/your-role-name if the client expects a Role ARN.