amzn / selling-partner-api-models

This repository contains OpenAPI models for developers to use when developing software to call Selling Partner APIs.
Apache License 2.0

Service: AWSSecurityTokenService; Status Code: 403; Error Code: AccessDenied #891

Closed wanjinyu1988 closed 3 years ago

wanjinyu1988 commented 3 years ago

User: arn:aws:iam:::user/gudsen is not authorized to perform: sts:AssumeRole on resource: aws:iam:::role/gudsen_role (Service: AWSSecurityTokenService; Status Code: 403; Error Code: AccessDenied; Request ID: b59b74ae-9126-4975-8a87-c987e092da76)

How to solve this problem!!!

wanjinyu1988 commented 3 years ago

Have the AWS role/permissions been configured properly? Are the access_token and signature correct?

The configuration should be OK. Does your application run successfully?

```java
SellersApi sellersApi = new SellersApi.Builder()
        .awsAuthenticationCredentials(awsAuthenticationCredentials)
        .lwaAuthorizationCredentials(lwaAuthorizationCredentials)
        .awsAuthenticationCredentialsProvider(awsAuthenticationCredentialsProvider)
        .endpoint("https://sellingpartnerapi-na.amazon.com")
        .build();
System.out.println(sellersApi.getMarketplaceParticipations());
```

This demo does not run on my side.

wanjinyu1988 commented 3 years ago

I am a Java developer. The steps follow the documentation.

(1) https://github.com/amzn/selling-partner-api-docs/blob/main/guides/developer-guide/SellingPartnerApiDeveloperGuide.md#generating-a-java-sdk-with-lwa-token-exchange-and-authentication

(2) https://github.com/amzn/selling-partner-api-docs/blob/main/guides/developer-guide/SellingPartnerApiDeveloperGuide.md#connecting-to-the-selling-partner-api-using-a-generated-java-sdk

The test code is as follows:

```java
public static void main(String[] args) throws Exception {
    // All credential values were redacted in the original post; "***" marks a redacted value.
    // Long-term credentials of the IAM user that calls sts:AssumeRole.
    AWSAuthenticationCredentials awsAuthenticationCredentials = AWSAuthenticationCredentials.builder()
            .accessKeyId("***")
            .secretKey("***")
            .region("us-east-1")
            .build();

    // The IAM role to assume before signing Selling Partner API requests.
    AWSAuthenticationCredentialsProvider awsAuthenticationCredentialsProvider = AWSAuthenticationCredentialsProvider.builder()
            .roleArn("***")
            .roleSessionName("***")
            .build();

    // Login with Amazon (LWA) credentials used for the token exchange.
    LWAAuthorizationCredentials lwaAuthorizationCredentials = LWAAuthorizationCredentials.builder()
            .clientId("***")
            .clientSecret("***")
            .refreshToken("***")
            .endpoint("https://api.amazon.com/auth/o2/token")
            .build();

    SellersApi sellersApi = new SellersApi.Builder()
            .awsAuthenticationCredentials(awsAuthenticationCredentials)
            .lwaAuthorizationCredentials(lwaAuthorizationCredentials)
            .awsAuthenticationCredentialsProvider(awsAuthenticationCredentialsProvider)
            .endpoint("https://sellingpartnerapi-na.amazon.com")
            .build();

    System.out.println(sellersApi.getMarketplaceParticipations());
}
```

The error message is as follows:

Exception in thread "main" com.amazonaws.services.securitytoken.model.AWSSecurityTokenServiceException: ** is not authorized to perform: sts:AssumeRole on resource: ***** (Service: AWSSecurityTokenService; Status Code: 403; Error Code: AccessDenied; Request ID: f84228d2-c05f-43c4-9e5d-c85930a684ff)

Can anyone help to see the problem????

parvathm commented 3 years ago

Hi @wanjinyu1988,

Did you attach the policy to the correct IAM ARN? If you have followed all the steps to create the IAM user and IAM role as given in the documentation but are still receiving the error using the above sample code, please open a support case for further investigation.

Thanks,
Parvathm
Selling Partner API Developer Support
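An added example, not code from this thread or from the Selling Partner API project: a Python sketch that checks the two grants an `sts:AssumeRole` call depends on, the identity policy on the IAM user and the trust policy on the role, and reports which one is missing. It reads only `Allow` statements (explicit `Deny`, `Condition` blocks, permission boundaries and SCPs are ignored), and the account ID and policy documents are constructed placeholders.

```python
from fnmatch import fnmatchcase

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _allows_assume_role(stmt):
    # IAM action names are case-insensitive and may be wildcards such as "sts:*".
    actions = _as_list(stmt.get("Action", []))
    return stmt.get("Effect") == "Allow" and any(
        fnmatchcase("sts:assumerole", a.lower()) for a in actions)

def identity_allows(policies, role_arn):
    """True if an identity policy on the user Allows sts:AssumeRole on role_arn."""
    return any(
        _allows_assume_role(stmt) and any(
            fnmatchcase(role_arn, r) for r in _as_list(stmt.get("Resource", [])))
        for policy in policies for stmt in _as_list(policy["Statement"]))

def trusted_principals(trust_policy):
    """AWS principals that the role's trust policy Allows to assume it."""
    found = set()
    for stmt in _as_list(trust_policy["Statement"]):
        principal = stmt.get("Principal")
        if _allows_assume_role(stmt) and isinstance(principal, dict):
            found.update(_as_list(principal.get("AWS", [])))
    return found

def diagnose(user_arn, role_arn, identity_policies, trust_policy):
    """List what is missing for user_arn to assume role_arn (empty list: nothing found)."""
    account = user_arn.split(":")[4]
    trusted = trusted_principals(trust_policy)
    direct = user_arn in trusted
    via_account = bool({account, f"arn:aws:iam::{account}:root"} & trusted)
    gaps = []
    if not (direct or via_account):
        gaps.append("role trust policy does not name the user or its account")
    # A same-account user named directly in the trust policy needs no identity policy.
    same_account = role_arn.split(":")[4] == account
    if not (direct and same_account) and not identity_allows(identity_policies, role_arn):
        gaps.append("no identity policy on the user allows sts:AssumeRole on the role")
    return gaps

# Constructed sample data: placeholder account ID, names taken from the error message.
USER = "arn:aws:iam::111122223333:user/gudsen"
ROLE = "arn:aws:iam::111122223333:role/gudsen_role"
TRUST_ACCOUNT = {"Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
                                "Principal": {"AWS": "arn:aws:iam::111122223333:root"}}]}
USER_POLICY = {"Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole", "Resource": ROLE}]}

if __name__ == "__main__":
    print(diagnose(USER, ROLE, [], TRUST_ACCOUNT))             # identity policy missing
    print(diagnose(USER, ROLE, [USER_POLICY], TRUST_ACCOUNT))  # no gap found
```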