我对 boto3 start_transcription_job 函数中的 DataAccessRoleArn 设置有疑问
下面是我的代码:
transcribe.start_transcription_job(TranscriptionJobName=transcriptname,
Media = {"MediaFileUri": s3_url},
MediaFormat = file_type,
OutputBucketName = outputbucket,
Settings={
'ShowSpeakerLabels':True,
'MaxSpeakerLabels':2
},
JobExecutionSettings ={
'AllowDeferredExecution':True,
'DataAccessRoleArn':'arn:aws:iam::358110801253:role/service-role/transcribe-role-k5easa7b'
},
LanguageCode = language)
如果我注释掉 JobExecutionSettings 部分,它会完美运行。但是我想打开 AllowDeferredExecution,这样我就必须分配一个 DataAccessRoleArn。我在此处分配的角色可以完全访问 lambda 和 S3,但我仍然收到如下错误:
[ERROR] ClientError: An error occurred (AccessDeniedException) when calling the StartTranscriptionJob operation: User: arn:aws:sts::358110801253:assumed-role/transcribe-role-k5easa7b/transcribe is not authorized to perform: iam:PassRole on resource: arn:aws:iam::358110801253:role/service-role/transcribe-role-k5easa7b
Traceback (most recent call last):
File "/var/task/lambda_function.py", line 43, in lambda_handler
transcribe.start_transcription_job(TranscriptionJobName=transcriptname,
File "/var/runtime/botocore/client.py", line 316, in _api_call
return self._make_api_call(operation_name, kwargs)
File "/var/runtime/botocore/client.py", line 626, in _make_api_call
raise error_class(parsed_response, operation_name)END RequestId: 88e3bb78-60c1-42e5-a2e1-717918b6f7b9