Permission denied encountered while consuming data from Kinesis.
This can happen if:
The provided aws_role_arn does not exist or does not have the
appropriate permissions attached.
The provided aws_role_arn is not set up properly for Identity
Federation using gcp_service_account.
The Pub/Sub SA is not granted the
iam.serviceAccounts.getOpenIdToken permission on
gcp_service_account.
PublishPermissionDenied
Permission denied encountered while publishing to the topic. This can
happen if the Pub/Sub SA has not been granted the appropriate publish
permissions
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-03-31 UTC."],[[["This page provides documentation for the `IngestionDataSourceSettings.Types.AwsKinesis.Types.State` enum within the Google Cloud Pub/Sub v1 API, covering versions from 2.3.0 up to the latest 3.23.0."],["The enum `IngestionDataSourceSettings.Types.AwsKinesis.Types.State` represents the possible states for data ingestion from Amazon Kinesis Data Streams."],["There are six defined states: `Active`, `ConsumerNotFound`, `KinesisPermissionDenied`, `PublishPermissionDenied`, `StreamNotFound`, and `Unspecified`, each with specific meanings regarding the ingestion process."],["The `KinesisPermissionDenied` state occurs if the `aws_role_arn` is improperly set up or lacks the correct permissions, and if the service account is not granted the `iam.serviceAccounts.getOpenIdToken` permission on the `gcp_service_account`."],["The `PublishPermissionDenied` state indicates that the Pub/Sub service account has not been granted the necessary permissions to publish to the topic, as detailed in the provided link."]]],[]]
