AWS re:Postを使用することにより、以下に同意したことになります AWS re:Post 利用規約

Glue Service error - Denied Access

0

When I click button "Create Crawler" in AWS Glue service, I failed. But I set up generated IAM Role with permission policy "AdministratorAccess" for this subcribe account. Please help me solve this issue. Thank you so much.

my error: Account xxxxxxxxxxxx denied access

2回答
0

Verify that your AWS account has sufficient permissions to use the AWS Glue service. Specifically, ensure that the IAM user or role you're using to access AWS Glue has the "glue:*" permissions or specific permissions for the actions you want to perform.

profile picture
回答済み 2年前
0

Hi, thank you for your question!

Let me start by providing this documentation of a step-by-step guide on how to create an AWS Glue crawler that you can follow along: https://docs.aws.amazon.com/glue/latest/ug/tutorial-add-crawler.html#tutorial-add-crawler-step1

If you encounter an "Access Denied" error when trying to create a crawler in AWS Glue, even though you have configured the IAM Role with "AdministratorAccess," there could be several reasons for this issue. Here are some steps you can take to troubleshoot and resolve the problem.

First, you need to verify the trust relationship. Ensure that the trust relationship for the IAM Role allows AWS Glue to assume the role. The trust relationship should have a policy document that includes "glue.amazonaws.com" as a trusted entity.

Second, check if there are any resource-based policies attached to the AWS Glue resources (e.g., S3 buckets, databases) that might be restricting access. Resource-based policies can override permissions granted through IAM roles.

In case you are using a VPC, you can also check if the AWS Glue service has VPC endpoint access enabled and that it is configured correctly.

Finally, you can also review your CloudTrail logs to check for any detailed error messages or additional information about the "Access Denied" error. CloudTrail logs can provide insights into the exact actions that were denied and the reason for the denial. You can filter by the Event Source with the value "glue.amazonaws.com" to locate failed CloudTrail events specific to the Glue service. To learn more about viewing CloudTrail events in the CloudTrail console, you can refer to the following documentation: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/view-cloudtrail-events-console.html#filtering-cloudtrail-events

Hope this helps!

AWS
回答済み 1年前

ログインしていません。 ログイン 回答を投稿する。

優れた回答とは、質問に明確に答え、建設的なフィードバックを提供し、質問者の専門分野におけるスキルの向上を促すものです。

質問に答えるためのガイドライン

関連するコンテンツ