My lambda needs to call Rekognition’s SearchFacesByImage API. Upon invoking the deployed function, when calling the rekognition client’s search_faces_by_image, I’m getting the error:
AccessDeniedException: An error occurred (AccessDeniedException) when calling the SearchFacesByImage operation: User: (my user) is not authorized to perform: rekognition:SearchFacesByImage on resource: arn:aws:rekognition:us-east-1 raise error_class(parsed_response, operation_name) _make_api_callmager
I have this in my serverless.yaml:
iamRoleStatements:
- Effect: "Allow"
Action:
- "s3:*"
Resource:
{ "Fn::Join": ["", ["arn:aws:s3:::", { "Ref": "somebucket-test" }]] }
- Effect: "Allow"
Action:
- "rekognition:*"
Resource: "*"
The permissions for the S3 bucket seem to be working, but the rekognition one does not.
Any ideas?
Thanks