Getting started with Neptune ML: problem accessing S3 to create endpoints

0

I am working through the getting started with Neptune ML notebook and I get an error in running the first cell in "configuring the endpoints": ERROR:root:An error occurred (403) when calling the HeadObject operation: Forbidden. I assume that this is some sort of permissioning error but I unable to get to the bottom of it. Has anybody experience something similar?

質問済み 2年前756ビュー
5回答
0

So I have worked around the access denied problem by setting the Bucket Policy to the following:

{
    "Version": "2012-10-17",
    "Id": "Policy1645542302826",
    "Statement": [
        {
            "Sid": "Stmt1645542298524",
            "Effect": "Allow",
            "Principal": "*",
            "Action": [
                "s3:GetObject",
                "s3:GetObjectAcl",
                "s3:PutObject",
                "s3:PutObjectAcl",
                "s3:ListBucket"
            ],
            "Resource": [
                "arn:aws:s3:::<name_of_bucket>/*",
                "arn:aws:s3:::<name_of_bucket>"
            ]
        }
    ]
}

But I now encounter an error when running:

%load -s {response} -f csv -p OVERSUBSCRIBE --run
UsageError: option -f not recognized ( allowed: "yns:r:" )

Any further suggestions much appreciated.

回答済み 2年前
  • I have just tested this cell on my AWS account, and it appears to be working correctly:

    %load -s {response} -f csv -p OVERSUBSCRIBE --run

    Could you provide any more information?

0

Thanks, I am new to AWS and I am unsure which role the IAM policy needs to be attached to. This is the policy I am using:

    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:PutObjectAcl",
                "s3:GetObject",
                "s3:GetObjectAcl",
                "s3:AbortMultipartUpload",
                "s3:ListBucket"
            ],
            "Resource": [
                "arn:aws:s3:::aws-neptune-notebook",
                "arn:aws:s3:::aws-neptune-notebook/*",
                "arn:aws:s3:::pre-trained-neptune",
                "arn:aws:s3:::pre-trained-neptune/*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": "neptune-db:connect",
            "Resource": [
                "arn:aws:neptune-db:eu-west-2:480331504820:cluster-VOLJYAGWCPIMP7YUXPYUZ3OEM4/*"
            ]
        }
    ]
}

but I suspect its not attached to the correct role.

回答済み 2年前
0

Hello,

**This may help... **

hint: create a new cell (of type 'code'), type in print(s3_bucket_uri) and execute it, to show the current S3 bucket being used in the notebook.

**If you still need assistance... **

Within this same notebook, in the 1st cell underneath the heading "Loading Data", there is a script which sets an S3 bucket which is used throughout the notebook for loading data, storing training data and reformatting data. If this S3 bucket is in some way inaccessible from the Neptune cluster, or the Jupiter notebook, you may receive a 403.

My suggestion for moving forward is this:

  1. Create a new S3 bucket, taking care that it conforms to the guidance here: https://docs.aws.amazon.com/neptune/latest/userguide/bulk-load.html
  2. Navigate back to your "....Getting-Started-with-Neptune-ML...." notebook, and run the cells in order again from the beginning, taking care to set the "s3_bucket_uri=.." value underneath the heading "Loading Data" to your new S3 bucket.

If you execute the cells in order, from the beginning, after following the steps above, you should be able to successfully 'Configure the Endpoints'.

Kind regards,
Charles
Graph Architect
Amazon Neptune

AWS
回答済み 2年前
0

Hi! Good question, Does your IAM role have access to the bucket via s3:ListBucket? The HeadObject operation is tied to s3:ListBucket and if that permission is not there, the HeadObject call will return a 403.

Check the IAM Role that the Notebook is using. The trust relationship on that role should trust sagemaker (service). On that IAM role, one of the attached policies will need s3:ListBucket (allow).

https://docs.aws.amazon.com/neptune/latest/userguide/graph-notebooks.html

jsonc
回答済み 2年前
0

Thanks Charles. I have followed your suggestion started afresh. I am encountering and error in running the second cell in Loading Data now:

ERROR:root:Failed to upload /home/ec2-user/data/formatted/user_vertex.csv to bucket-for-neptune-richard/neptune/neptune-formatted/movielens-100k/user_vertex.csv: An error occurred (AccessDenied) when calling the PutObject operation: Access Denied

I recall having the same error and working around it last time too, but would appreciate your insight.

回答済み 2年前

ログインしていません。 ログイン 回答を投稿する。

優れた回答とは、質問に明確に答え、建設的なフィードバックを提供し、質問者の専門分野におけるスキルの向上を促すものです。

質問に答えるためのガイドライン

関連するコンテンツ