Facing issue while creating a table in Athena

0

```
Exception in User Class: org.apache.spark.sql.catalyst.analysis.AccessControlException : User: arn:aws:sts::awsaccoundid:assumedRole/IAMRole/GlueJobRunnerSession is not authorized to perform: glue:CreateTable on resource: arn:aws:glue:us-east-1:glueaccountid:table/database/tablename because no identity-based policy allows the glue:CreateTable action (Service: AWSGlue; Status Code: 400; Error Code: AccessDeniedException;)
```

and my code is:

```scala
import org.apache.spark.sql.SparkSession

// The parameter list is cut off after s3FileLocation in the original post.
def createTable(spark: SparkSession, dbName: String, tableName: String, s3FileLocation: String): Unit = {
  var tableDescription: String = ""
  var schemaString: String = ""
  if (tableName == "xyz") {
    tableDescription = "Global Auth Login"
    // Build the column list, mapping timestamp/Long/boolean columns to string.
    schemaString = schema.Tablenameschema.fields
      .map(field => field.name.replaceAll("""^""", "")
        .concat(" ")
        .concat(field.dataType.typeName match {
          case "timestamp" => "string"
          case "Long" => "string"
          case "boolean" => "string"
          case smt => smt
        }))
      .mkString(" , \n")
  }
  // Dropping and creating the table both go through the Glue Data Catalog.
  spark.sql(s"DROP TABLE IF EXISTS ${dbName}.${tableName}")
  val tableQuery =
    s"""
       |CREATE EXTERNAL TABLE IF NOT EXISTS ${dbName}.${tableName} (${schemaString})
       |STORED AS PARQUET
       |COMMENT '${tableDescription}'
       |LOCATION '${s3FileLocation}'
       |TBLPROPERTIES ("skip.header.line.count" = "1")
       |""".stripMargin
  spark.sql(tableQuery)
}
```

Madhu
asked 10 months ago · 336 views
1 Answer
0

Hi Madhu,

From the error message, it seems that the permission to create a table is missing from the IAM role.

Please refer to the CREATE TABLE section of "Fine-grained access to databases and tables in the AWS Glue Data Catalog" and add these permissions to the IAM role being used here.

Once you add these permissions to the respective IAM role, either by adding a new policy to the role or by updating one of the policies already attached to this role, this error would be resolved.

Hope you find this information helpful.

Comment here if you have additional questions, happy to help.

Abhishek

AWS
EXPERT
answered 10 months ago
EXPERT
reviewed 10 months ago
  • @secondabhi_aws I had added all the permissions for table and database to create in Athena: "glue:CreateTable", "glue:UpdateTable", "glue:DeleteTable", "glue:BatchDeleteTable", "glue:DeleteTableVersion", "glue:BatchDeleteTableVersion", "glue:CreatePartition", "glue:UpdatePartition", "glue:DeletePartition", "glue:BatchCreatePartition", "glue:BatchDeletePartition", "glue:CreateUserDefinedFunction", "glue:UpdateUserDefinedFunction", "glue:DeleteUserDefinedFunction", "glue:CreateDatabase", "glue:DeleteDatabase", "glue:UpdateDatabase", "glue:Get*", "glue:BatchGet*" -> these are added for both the Glue ID and the AWS account ID. Let me know if I'm still missing anything.

  • Hi Madhu, can you also mention here the resource section of this policy, masking the account information? That would help me to identify the problem.
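
Added example, not part of the original thread: a simplified identity-policy check showing how a policy that lists `glue:CreateTable` under `Action` can still produce this implicit deny when its `Resource` element does not cover the catalog, database and table ARNs that CreateTable is authorized against. The account ID, region, database and table names are constructed placeholders, and the evaluation is an assumption-level model: it ignores `Condition`, `NotAction`/`NotResource`, resource-based policies and permission boundaries.

```python
import re

def _match(pattern, value, ignore_case=False):
    # IAM wildcards: '*' matches any run of characters, '?' exactly one.
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, value, re.I if ignore_case else 0) is not None

def _as_list(x):
    return x if isinstance(x, list) else [x]

def uncovered_resources(policy, action, arns):
    """Return the ARNs on which `action` is not allowed (explicit Deny wins)."""
    missing = []
    for arn in arns:
        allowed = denied = False
        for st in _as_list(policy["Statement"]):
            # Action names are case-insensitive; resource ARNs are not.
            hit = (any(_match(a, action, True) for a in _as_list(st.get("Action", [])))
                   and any(_match(r, arn) for r in _as_list(st.get("Resource", []))))
            if hit and st["Effect"] == "Deny":
                denied = True
            elif hit and st["Effect"] == "Allow":
                allowed = True
        if denied or not allowed:
            missing.append(arn)
    return missing

# Constructed placeholders, not values from the thread.
BASE = "arn:aws:glue:us-east-1:111122223333"
REQUIRED = [f"{BASE}:catalog", f"{BASE}:database/db1", f"{BASE}:table/db1/t1"]

# Action is present, but only table ARNs are listed.
TABLE_ONLY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": ["glue:CreateTable", "glue:Get*"],
    "Resource": [f"{BASE}:table/db1/*"]}]}

# Same actions, scoped to the catalog, the database and its tables.
SCOPED = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": ["glue:CreateTable", "glue:Get*"],
    "Resource": [f"{BASE}:catalog", f"{BASE}:database/db1", f"{BASE}:table/db1/*"]}]}

if __name__ == "__main__":
    print("table-only misses:", uncovered_resources(TABLE_ONLY, "glue:CreateTable", REQUIRED))
    print("scoped misses:", uncovered_resources(SCOPED, "glue:CreateTable", REQUIRED))
```

When the catalog lives in a different account from the job's role, as the two masked account IDs in the error suggest, the ARNs in `Resource` must carry the catalog owner's account ID.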
