amazon-s3 amazon-sagemaker amazon-kendra

AccessDeniedException in Amazon Kendra


I'm using Amazon Kendra to build a semantic search engine. The following is a piece of my Python code, written in a SageMaker notebook:

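import boto3

# Kendra client in the region where the index lives
kendra = boto3.client("kendra", region_name="us-east-1")
index_id = "05d8defe-e2-a9e3-3534de"
query = "boots please"

# Runs under the notebook's execution role, which needs kendra:Query on the index
response = kendra.query(
    QueryText=query,
    IndexId=index_id
)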

'response' is giving me the error:

AccessDeniedException: An error occurred (AccessDeniedException) when calling the Query operation: User: arn:aws:sts::9174853:assumed-role/AmazonSageMaker-ExecutionRole-2023083103184/SageMaker is not authorized to perform: kendra:Query on resource: arn:aws:kendra:us-east-1:9174853:index/5ba72cde-24e-8736-020a21bce

Here are the basic steps I've followed: Create a bucket in S3, load the dataset, create an index in Kendra & assign it a role, connect the index with the data source (S3) & assign it a new role (different from the index role), sync the data & execute the above-mentioned code.

Some clarifications:

  1. I haven't assigned permissions anywhere & I'm the only user here.
  2. I have created different IAM roles for the index & data source.

Why am I getting this error & how do I fix it?


Solution

  • I fixed the issue. Here's how I did it:

    I attached the "AmazonKendraFullAccess" policy to the SageMaker role (AmazonSageMaker-ExecutionRole-xxxxxxxx) in the AWS Identity and Access Management (IAM) console.
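
An added example, not part of the original question or answer: it parses the AccessDeniedException text quoted in the question and builds an inline policy that allows only the denied action (kendra:Query) on the index named in the error, a narrower grant than a full-access managed policy. The helper names and the policy name KendraQueryOnly are assumptions made for illustration.

```python
import json
import re

# Error text copied from the question above (IDs appear as redacted there).
SAMPLE_ERROR = (
    "An error occurred (AccessDeniedException) when calling the Query operation: "
    "User: arn:aws:sts::9174853:assumed-role/"
    "AmazonSageMaker-ExecutionRole-2023083103184/SageMaker is not authorized to "
    "perform: kendra:Query on resource: "
    "arn:aws:kendra:us-east-1:9174853:index/5ba72cde-24e-8736-020a21bce"
)

DENIED = re.compile(
    r"User: arn:aws:sts::(?P<account>\d+):assumed-role/(?P<role>[^/\s]+)/\S+ "
    r"is not authorized to perform: (?P<action>[\w-]+:\w+) "
    r"on resource: (?P<resource>arn:\S+)"
)


def parse_denial(message):
    """Return account, role name, denied action and resource ARN from the error."""
    match = DENIED.search(message)
    if match is None:
        raise ValueError("not an assumed-role AccessDenied message")
    return match.groupdict()


def least_privilege_policy(denial):
    """Build a policy allowing only the denied action on the named resource."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "AllowDeniedActionOnly",
            "Effect": "Allow",
            "Action": [denial["action"]],
            "Resource": [denial["resource"]],
        }],
    }


def attach_inline_policy(denial, policy, name="KendraQueryOnly"):
    """Attach the policy to the role; the caller needs iam:PutRolePolicy."""
    import boto3  # imported here so the parsing above runs without AWS access
    boto3.client("iam").put_role_policy(
        RoleName=denial["role"], PolicyName=name, PolicyDocument=json.dumps(policy)
    )
```

Calling attach_inline_policy(d, least_privilege_policy(d)) with d = parse_denial(SAMPLE_ERROR) grants the notebook role query access to that one index and nothing else in Kendra.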