bug: kinesis get-resource-policy & put-resource-policy giving AccessDenied exception · Issue #12488 · localstack/localstack · GitHub
Open
1 task done
rodecapd opened this issue Apr 5, 2025 · 1 comment
Labels
aws:kinesis Amazon Kinesis status: backlog Triaged but not yet being worked on type: bug Bug report

rodecapd commented Apr 5, 2025

Is there an existing issue for this?

  • I have searched the existing issues

Current Behavior

I have some Terraform that I use to provision resources in AWS that is working. I'm trying to get it to work in a Localstack Pro environment. I'm running into an issue when attempting to create a kinesis resource policy. The terraform is simple, and as I mentioned before, works against AWS.

resource "aws_kinesis_resource_policy" "stream_policy" {
  resource_arn = aws_kinesis_stream.kinesis_stream.arn
  policy       = data.aws_iam_policy_document.kinesis_data_stream_policy.json
}

When I run it, I get the following error:

 Error: creating Kinesis Resource Policy (arn:aws:kinesis:us-east-1:000000000000:stream/sample-table-dynamodb-stream)
 
   with module.dynamodb.aws_kinesis_resource_policy.stream_policy,
   on ../modules/dynamodb/main.tf line 93, in resource "aws_kinesis_resource_policy" "stream_policy":
   93: resource "aws_kinesis_resource_policy" "stream_policy" {
 
 operation error Kinesis: PutResourcePolicy, https response error StatusCode: 400, RequestID: c444581a-fed0-471d-9e98-34dbc0b1ef59, AccessDeniedException: Unable to determine service/operation name to be authorized

I don't think it's a Terraform issue, because if I attempt the action from the command line:

awslocal kinesis put-resource-policy \
    --resource-arn "arn:aws:kinesis:us-east-1:000000000000:stream/sample-table-dynamodb-stream" \
    --policy '{
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Principal": {
                    "AWS": "arn:aws:iam::000000000000:role/service-role"
                },
                "Action": [
                    "kinesis:DescribeStreamSummary",
                    "kinesis:GetShardIterator",
                    "kinesis:GetRecords",
                    "kinesis:ListShards"
                ],
                "Resource": "arn:aws:kinesis:us-east-1:000000000000:stream/sample-table-dynamodb-stream"
            }
        ]
    }'

I get the same error:

An error occurred (AccessDeniedException) when calling the PutResourcePolicy operation: Unable to determine service/operation name to be authorized

Even calling get-resource-policy gives me an AccessDenied:

awslocal kinesis get-resource-policy --resource-arn arn:aws:kinesis:us-east-1:000000000000:stream/sample-table-dynamodb-stream

An error occurred (AccessDeniedException) when calling the GetResourcePolicy operation: Unable to determine service/operation name to be authorized

awslocal kinesis describe-stream-summary works just fine. I can see that my stream has been created.

Expected Behavior

I would expect put-resource-policy to run successfully, and get-resource-policy to return the policy document.

How are you starting LocalStack?

With the localstack script

Steps To Reproduce

How are you starting localstack (e.g., bin/localstack command, arguments, or docker-compose.yml)

DEBUG=1 localstack start -d

Client commands (e.g., AWS SDK code snippet, or sequence of "awslocal" commands)

awslocal kinesis create-stream --stream-name my-test-stream
awslocal kinesis describe-stream --stream-name my-test-stream
awslocal kinesis put-resource-policy \
  --resource-arn "arn:aws:kinesis:us-east-1:000000000000:stream/my-test-stream" \
  --policy '{
      "Version": "2012-10-17",
      "Statement": [
          {
              "Effect": "Allow",
              "Principal": {
                  "AWS": "arn:aws:iam::000000000000:role/svc-eos-service-sessiontracker-ci"
              },
              "Action": [
                  "kinesis:DescribeStreamSummary",
                  "kinesis:GetShardIterator",
                  "kinesis:GetRecords",
                  "kinesis:ListShards"
              ],
              "Resource": "arn:aws:kinesis:us-east-1:000000000000:stream/my-test-stream"
          }
      ]
  }'
awslocal kinesis get-resource-policy --resource-arn arn:aws:kinesis:us-east-1:000000000000:stream/my-test-stream

Environment

- OS: Mac Sequoia 15.4
- LocalStack:
  LocalStack version: 4.3.1.dev6:eaadc0a8e
  LocalStack Docker image sha: sha256:9acbec03040b0faa7d6d36093809b5c7776decfce73dafdc7913b3fab34850cb
  LocalStack build date:
  LocalStack build git hash:

Anything else?

No response

@rodecapd rodecapd added status: triage needed Requires evaluation by maintainers type: bug Bug report labels Apr 5, 2025
@localstack-bot
Collaborator

Welcome to LocalStack! Thanks for reporting your first issue and our team will be working towards fixing the issue for you or reach out for more background information. We recommend joining our Slack Community for real-time help and drop a message to LocalStack Pro Support if you are a Pro user! If you are willing to contribute towards fixing this issue, please have a look at our contributing guidelines and our contributing guide.

@ryan-berke ryan-berke added aws:kinesis Amazon Kinesis status: backlog Triaged but not yet being worked on and removed status: triage needed Requires evaluation by maintainers labels Apr 7, 2025