Running crawler in AWS Glue but with data lake permissions error help

Question

Hi I have an error when I run a data crawler the problem is that I configured the AIM rol for the crawler adding the Glue Service Rol, the S3 full access and the Glue full access console so I'm not really sure what is missing but is someone could guide me I'm worning for a project where the admin give me the aws account to create a crawler but I'm sure that I don't have the permissions so if someone have more info about how to give me permissions or how to configurate this because I have 2 days doing reasearch and I still don't fix anything I do really need help, this is my error:

Insufficient Lake Formation permission(s) on archivoscsv (Database name: aws-glue-lalo-test-crawler, Table Name: archivoscsv) (Service: AWSGlue; Status Code: 400; Error Code: AccessDeniedException; Request ID: 8cd54006-a723-4ea8-809a-9c70308f6fe4; Proxy: null). For more information, see Setting up IAM Permissions in the Developer Guide (http://docs.aws.amazon.com/glue/latest/dg/getting-started-access.html).

Answer

From what you stated, you have added the following permissions to the Glue Crawler IAM Role:
*  S3 full access
* Glue full access

Though your error states "Insufficient Lake Formation permission(s)". Lake Formation has its own set of IAM permissions.  If you follow the guide [here](https://repost.aws/knowledge-center/troubleshoot-iam-permission-errors), you can use CloudTrail to determine the exact API/Action that is triggering the failure. You can also try one of the [managed Lake Formation IAM policies](https://docs.aws.amazon.com/lake-formation/latest/dg/permissions-reference.html#lf-managed-policies). One of the roles it lists is `AWSGlueConsoleFullAccess`, which sounds like you have already applied.  I am guessing that the `AWSLakeFormationDataAdmin` policy will resolve your issue, but determining the exact API call will give you least privilege access.

Running crawler in AWS Glue but with data lake permissions error help

関連するコンテンツ