Click here to Skip to main content
15,845,565 members
Please Sign up or sign in to vote.
1.00/5 (3 votes)
See more:
I'm using Amazon Kendra to build a semantic search engine. Following is a piece of my Python code written in Sagemaker notebook:
kendra = boto3.client("kendra",region_name='us-east-1')    
index_id = "05d8defe-e2-a9e3-3534de"
query = "boots please"

response = kendra.query(
    QueryText = query1,
    IndexId = index_id

'response' is giving me the error:

AccessDeniedException: An error occurred (AccessDeniedException) when calling the Query operation: User: arn:aws:sts::9174853:assumed-role/AmazonSageMaker-ExecutionRole-2023083103184/SageMaker is not authorized to perform: kendra:Query on resource: arn:aws:kendra:us-east-1:9174853:index/5ba72cde-24e-8736-020a21bce

What I have tried:

Here are the basic steps I've followed: Create a bucket in S3, load the dataset, create an index in Kendra & assign it a role, connect the index with the data source (S3) & assign it a new role (different from the index role), sync the data & execute the above-mentioned code.

Some clarifications:

  • I haven't assigned permissions anywhere & I'm the only user here.
  • I have created different IAM roles for the index & data source.

Update: I assigned the Kendra role under IAM --> Roles all the necessary permissions - S3FullAccess, AdministratorAccess, Sgemaker access, & access to other roles. The error persists.

Why am I getting this error & how do I fix it?
Updated 20-Sep-23 2:17am
Richard MacCutchan 20-Sep-23 7:51am    
You need to contact Amazon, it is their system.
Apoorva 2022 20-Sep-23 10:54am    
Thank You. I contacted their support team & my issue has been resolved. Will post the solution.

1 solution

I fixed the issue. Here's how I did it:

I attached "AmazonKendraFullAccess" policy to the SageMaker role (AmazonSageMaker-ExecutionRole-xxxxxxxx) in the AWS Identity and Access Management (IAM) console.
Share this answer

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900