amzn / selling-partner-api-models

This repository contains OpenAPI models for developers to use when developing software to call Selling Partner APIs.
Apache License 2.0

Unauthorized. Access to requested resource is denied #2944

Closed gwilburn68 closed 2 years ago

gwilburn68 commented 2 years ago

@khanakia

I posed this question on another thread which is now closed...

I am also getting this error. Migrating from MWS, so I followed the setup process as outlined in dev guide (and in your previous responses). In Postman (and using my code) I am able to

  1. Get an LWA access token
  2. Use the access token to assume selling partner role using STS

But when I use the Access Key, Secret Key, Session Token from the assumeRole and Access Token to hit the Restricted Data Token, I get:

    { "errors": [ { "message": "Access to requested resource is denied.", "code": "Unauthorized", "details": "" } ] }

  - This is a Private (Internal) Developer Application
  - I can currently access PII using the MWS API
  - I had to write my own signing software (I'm on an IBM i system and cannot use the SDKs)
  - I had updated my profile to add "Tax" access and now my "Developer Registration is Under Review"
  - My App ID is in Draft status and is associated with my user ARN

I have a case open with Amazon currently

Any suggestions?

khanakia commented 2 years ago

@gwilburn68 You can try this https://aws.amazon.com/premiumsupport/knowledge-center/troubleshoot-iam-permission-errors/

gwilburn68 commented 2 years ago

> @gwilburn68 You can try this https://aws.amazon.com/premiumsupport/knowledge-center/troubleshoot-iam-permission-errors/

Thanks. I can give that a try. Does this also log calls to the sellingpartner-na endpoints?

khanakia commented 2 years ago

As far as I know, it will only log authorization errors. But you can give it a try.

gwilburn68 commented 2 years ago

> As far as I know, it will only log authorization errors. But you can give it a try.

So I stumbled through the setup. I then ran my Postman collection:

  1. Get Access Token: //api.amazon.com/auth/o2/token
  2. Assume Role: //sts.amazonaws.com/
  3. Get Restricted Data Token: //sellingpartnerapi-na.amazon.com/tokens/2021-03-01/restrictedDataToken

The only thing I can find in the logging is step amzn/selling-partner-api-models#671 above. I ran a query doing "Select * from myfile". I could see a bunch of entries, but could not match up the User Agent I'm using or the request IDs returned from the various APIs.

It did not log any of the other calls (including the one in error).

No idea where to go now.

khanakia commented 2 years ago

@gwilburn68 Did you check this https://github.com/amzn/selling-partner-api-models/issues/1255 ?

gwilburn68 commented 2 years ago

@khanakia This was it... Amazon's stupid instructions don't tell me I need to NOT create the ARN Role and NOT use it when I have my App registered with the ARN USER. https://github.com/amzn/selling-partner-api-models/issues/943 Support finally got back to me to tell me this. I do not need to use the assumeRole on STS to get temporary access key and secret key.

I also got my App approved today - so that may have helped too.

Thank you for your help!

Adrian-T-AMZN commented 2 years ago

Hello @gwilburn68,

Thank you for reaching out regarding the Access Denied error when migrating from MWS.

I see that developer support has provided you with the solution for this issue, which is not using the assumeRole on STS to get temporary access key and secret key when your app is associated with an IAM User.

This instruction can actually be found on our documentation: https://developer-docs.amazon.com/sp-api-blog/docs/migrate-seller-authorizations-from-mws-to-sp-api#step-2-generate-temporary-credentials-using-aws-security-token-service-aws-sts

If the information available in the documentation link provided above does not fully resolve your inquiry, please open a support case with us.

Thanks,
Adrian T.
Selling Partner API Developer Support
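
The resolution reached in this thread, as an added example (not code from the thread or from Amazon): pick credentials by the type of IAM ARN registered on the app, then SigV4-sign the Restricted Data Token request with the standard library only. The `us-east-1`/`execute-api` signing scope, the function names and the sample body are assumptions.

```python
import datetime, hashlib, hmac, json

HOST = "sellingpartnerapi-na.amazon.com"      # endpoint from the thread
PATH = "/tokens/2021-03-01/restrictedDataToken"
REGION, SERVICE = "us-east-1", "execute-api"  # assumed SigV4 scope for the NA endpoint
# Constructed sample request body, for illustration only.
SAMPLE_BODY = json.dumps({"restrictedResources": [
    {"method": "GET", "path": "/orders/v0/orders", "dataElements": ["buyerInfo"]}]})

def needs_assume_role(registered_arn):
    """True only when the app is registered with an IAM role ARN (hypothetical helper)."""
    resource = registered_arn.split(":", 5)[5]    # "user/name" or "role/name"
    kind = resource.split("/", 1)[0]
    if kind not in ("user", "role"):
        raise ValueError("unexpected IAM ARN type: " + kind)
    return kind == "role"

def _hmac(key, msg):
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()

def sign_rdt_request(body, lwa_token, access_key, secret_key, session_token=None, now=None):
    """Return SigV4 headers for POST PATH; pass session_token only for STS credentials."""
    now = now or datetime.datetime.now(datetime.timezone.utc)
    amz_date, day = now.strftime("%Y%m%dT%H%M%SZ"), now.strftime("%Y%m%d")
    headers = {"host": HOST, "x-amz-access-token": lwa_token, "x-amz-date": amz_date}
    if session_token:  # IAM user keys are long-term, so no security-token header
        headers["x-amz-security-token"] = session_token
    names = sorted(headers)
    signed = ";".join(names)
    canonical = "\n".join(["POST", PATH, "",
                           "".join(f"{n}:{headers[n]}\n" for n in names),
                           signed, hashlib.sha256(body.encode()).hexdigest()])
    scope = f"{day}/{REGION}/{SERVICE}/aws4_request"
    to_sign = "\n".join(["AWS4-HMAC-SHA256", amz_date, scope,
                         hashlib.sha256(canonical.encode()).hexdigest()])
    key = ("AWS4" + secret_key).encode()
    for part in (day, REGION, SERVICE, "aws4_request"):  # derive the signing key
        key = _hmac(key, part)
    sig = hmac.new(key, to_sign.encode(), hashlib.sha256).hexdigest()
    headers["Authorization"] = (f"AWS4-HMAC-SHA256 Credential={access_key}/{scope}, "
                                f"SignedHeaders={signed}, Signature={sig}")
    return headers
```

With a user ARN, call `sign_rdt_request` with the IAM user's own access key and secret key and leave `session_token` unset; with a role ARN, pass the three values returned by AssumeRole.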

supoman-service commented 3 months ago

If you need it, you can take a look or contact me.

https://www.sellerhub.cn/archives/amazon-pii-question