- Più recenti
- Maggior numero di voti
- Maggior numero di commenti
It turns out, the objects in the bucket were encrypted with a specific KMS key, even though the bucket settings were set to use an Amazon S3-managed key (SSE-S3). So the error message was correct.
When I exported from HealthLake to S3, it prompted me to create or provide a KMS key to encrypt the output data, so that overrode the bucket-wide encryption settings.
Once I updated the KMS key policy to allow the Glue Crawler's Role and I used a single-region instead of a multi-region KMS key, the error went away.
Thank you Yann,
The section that states 'updated the KMS key policy to allow the Glue Crawler's Role' is what helped me.
I clicked on my KMS Key that I created for moving Healthlake data to S3 and added the IAM role I created for my Glue job (starts with AWSGlueServiceRole) to both 'Key administrators' and 'Key users.'
That did the trick!
Contenuto pertinente
- AWS UFFICIALEAggiornata 2 anni fa
- Come posso risolvere gli errori 400 con accesso negato per il testo criptato di AWS KMS in AWS Glue?AWS UFFICIALEAggiornata un anno fa
- AWS UFFICIALEAggiornata 2 anni fa
- AWS UFFICIALEAggiornata un anno fa