Permission denied encountered while consuming data from Kinesis.
This can happen if:
- The provided aws_role_arn does not exist or does not have the appropriate permissions attached.
- The provided aws_role_arn is not set up properly for Identity Federation using gcp_service_account.
- The Pub/Sub SA is not granted the iam.serviceAccounts.getOpenIdToken permission on gcp_service_account.
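One way to check the second cause offline, as an added example that is not part of the Pub/Sub reference or client library: a linter for the AWS role's trust policy that reports both a policy that will not let gcp_service_account assume the role and one that trusts more identities than it needs to. It assumes the federation is AWS web identity federation with `accounts.google.com` as the provider and the service account's numeric unique ID as the token's `sub` claim; `check_trust_policy`, `make_policy` and the sample ID are hypothetical names and constructed values.

```python
import json

FEDERATED = "accounts.google.com"    # assumed: Google as the web identity provider
SUB_KEY = "accounts.google.com:sub"  # assumed: condition key for the token's subject

def _as_list(value):
    """IAM accepts either a single value or a list in most policy fields."""
    return value if isinstance(value, list) else [value]

def check_trust_policy(policy_json, sa_unique_id):
    """Return findings for a role trust policy; [] means it trusts exactly this SA."""
    findings, matched, seen = [], False, False
    for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
        principal = stmt.get("Principal", {})
        if (stmt.get("Effect") != "Allow"
                or "sts:AssumeRoleWithWebIdentity" not in _as_list(stmt.get("Action", []))
                or not isinstance(principal, dict)
                or FEDERATED not in _as_list(principal.get("Federated", []))):
            continue  # not a Google federation statement
        seen = True
        subs = _as_list(stmt.get("Condition", {}).get("StringEquals", {}).get(SUB_KEY, []))
        if not subs:
            # Ingestion would work, but the role is open to every Google identity.
            findings.append("too broad: no sub condition, any Google identity may assume the role")
            matched = True
        elif sa_unique_id in subs:
            matched = True
    if not seen:
        findings.append("no Allow statement for web identity federation with accounts.google.com")
    elif not matched:
        findings.append("sub condition does not include this service account")
    return findings

def make_policy(condition):
    """Build a constructed single-statement trust policy for the demo."""
    stmt = {"Effect": "Allow", "Principal": {"Federated": FEDERATED},
            "Action": "sts:AssumeRoleWithWebIdentity"}
    if condition:
        stmt["Condition"] = condition
    return json.dumps({"Version": "2012-10-17", "Statement": [stmt]})

SA_ID = "100000000000000000001"  # constructed service account unique ID

if __name__ == "__main__":
    print(check_trust_policy(make_policy({"StringEquals": {SUB_KEY: SA_ID}}), SA_ID))
    print(check_trust_policy(make_policy({"StringEquals": {SUB_KEY: "999"}}), SA_ID))
    print(check_trust_policy(make_policy(None), SA_ID))
```
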
PublishPermissionDenied
Permission denied encountered while publishing to the topic. This can
happen if the Pub/Sub SA has not been granted the appropriate publish
permissions.
Last updated 2025-08-07 UTC.