Issue
You are attempting to send a test event or run a sync to an AWS S3 (Actions) destination in Segment, but the operation fails with an Access Denied error. This error occurs when Segment tries to assume the specified AWS Identity and Access Management (IAM) role.
Product
Twilio Segment
Environment
Segment Console
Cause
This issue occurs when the External ID configured within your Segment destination settings does not match the sts:ExternalId condition defined in your AWS IAM role's trust policy. AWS requires these values to match exactly for the AssumeRole operation to succeed.
Resolution
To resolve this issue, ensure that the External ID matches exactly between Segment and AWS by following these steps:
Log in to your AWS Management Console and navigate to the IAM service.
Select Roles and click on the specific IAM role configured for your Segment destination.
Open the Trust relationships tab and review the value specified for the sts:ExternalId condition.
Log in to your Segment workspace and navigate to your S3 (Actions) Destination.
Go to the destination settings page where the connection details are defined.
Locate the External ID field and update it to match the exact string found in your AWS trust policy.
Save the changes in Segment and attempt to send a test event to verify the connection is successful.
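The comparison in the steps above can also be scripted. The following is an added example, not part of the original article or Segment's tooling. It assumes you have copied the trust policy JSON from the Trust relationships tab. The sample policy, account ID, role name and External ID values are constructed placeholders.

```python
import json

# Constructed sample trust policy (account ID, role name and External ID are placeholders).
SAMPLE_TRUST_POLICY = """
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::111122223333:role/example-segment-role"},
    "Action": "sts:AssumeRole",
    "Condition": {"StringEquals": {"sts:ExternalId": "example-workspace-id"}}
  }]
}
"""

def external_ids(policy_json):
    """Collect every sts:ExternalId value from Allow statements for sts:AssumeRole."""
    found = []
    statements = json.loads(policy_json).get("Statement", [])
    if isinstance(statements, dict):      # a single statement may be an object
        statements = [statements]
    for stmt in statements:
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if stmt.get("Effect") != "Allow" or "sts:AssumeRole" not in actions:
            continue
        for operator, keys in stmt.get("Condition", {}).items():
            for key, value in keys.items():
                # Condition key names are case-insensitive; StringEquals values are not.
                if key.lower() == "sts:externalid" and operator == "StringEquals":
                    found += [value] if isinstance(value, str) else list(value)
    return found

def check_external_id(policy_json, configured):
    """Return 'match', a hint describing a near miss, or 'mismatch'."""
    ids = external_ids(policy_json)
    if not ids:
        return "no sts:ExternalId condition in trust policy"
    if configured in ids:
        return "match"
    if configured.strip() in [i.strip() for i in ids]:
        return "mismatch: leading/trailing whitespace"
    if configured.strip().lower() in [i.strip().lower() for i in ids]:
        return "mismatch: letter case differs"
    return "mismatch"

if __name__ == "__main__":
    for candidate in ("example-workspace-id", "example-workspace-id ", "Example-Workspace-ID"):
        print(repr(candidate), "->", check_external_id(SAMPLE_TRUST_POLICY, candidate))
```

A stray space or a change in letter case in the External ID field is enough to fail the exact-match condition, so the script reports those near misses separately from an outright mismatch.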
Additional Information
For more details on configuring this destination, see the Segment product documentation.