How do I troubleshoot "Failed to create Studio" errors in Amazon EMR Studio?

2 minute read
0

I want to troubleshoot "Failed to create Studio" errors in Amazon EMR Studio.

Short description

When you create an Amazon EMR Studio, you might receive the following error messages:

"Failed to create Studio. User: xxxx is not authorized to perform: elasticmapreduce:<action> on resource: arn:aws:elasticmapreduce:us-east-1:xxxx:studio/* because no identity-based policy allows the elasticmapreduce:<action> action."

"Failed to create Studio. Failed to create Serverless application. You do not have permission to use EMR Serverless API createApplication. Request permission from your administrator."

"Failed to create Studio. The service role does not have permission to access the <example-bucket-name>. Review the policies for the service role and the S3 bucket policy to ensure that the permission is granted."

"Failed to create Studio. ServiceRole does not have permission to access the S3 Location or associated KMS key(s). Review the policies for the service role and the resource policies for the S3 location and KMS key(s) to ensure that permission is granted."

Resolution

Check the Amazon EMR Studio user permissions

Confirm that the Amazon EMR Studio user's AWS Identity and Access Management (IAM) role has the required permissions. The permissions are based on the Amazon EMR Studio operations that the user must perform and the cluster type that connects from the workspaces.

To view an example policy, see EMR Serverless interactive policy.

Check the Amazon EMR Studio service role

The Amazon EMR Studio service role has permissions that allow the studio to interact with other AWS services. Confirm that the Amazon EMR Studio service role has the required permissions based on the operations that the studio performs with the service role.

For more information, see Minimum service role for EMR Serverless.

Check the resource-level and deny permissions

If you use Amazon Simple Storage Service (Amazon S3) encryption, then make sure that you grant access on the Amazon S3 bucket permissions policy and the AWS Key Management Service (AWS KMS) key policy. For more information, see My Amazon S3 bucket has default encryption using a custom AWS KMS key. How can I allow users to download from and upload to the bucket?

Also, deactivate proxy management tools, such as FoxyProxy or SwitchyOmega, in the browser before you create a studio. Active proxies might result in a Network Failure error message when you choose Create Studio.

AWS OFFICIAL
AWS OFFICIALUpdated 4 months ago