How do I troubleshoot common Workspace issues in Amazon EMR Studio?

4 minute read
0

I want to troubleshoot common Workspace issues in Amazon EMR Studio.

Short description

After you create a Workspace in Amazon EMR Studio, you might experience the following issues:

  • Workspace doesn't open and is spinning and running into Idle state.
  • Workspaces fail to load because of a network error or other unknown reasons.
  • Workspaces are missing or can't be deleted.
  • A Workspace (notebook) is stopped and the service role doesn't have the required permissions.

Resolution

Troubleshoot your Workspace in Amazon EMR Studio based on the following issues:

Workspace doesn't open and is spinning and running into Idle state

If your Workspace doesn't open and is in an Idle state, then you might experience the following error:

"Invalid Parameter value - Security group: "sg-nnnnnnn" is not contained in the parent network of "subnet-nnnnnnnnn"

This issue occurs when the configured security group or subnet isn't attached to the parent Amazon Virtual Private Cloud (Amazon VPC). To resolve this issue, make sure that your security group and subnets in the subnet group are attached to the same Amazon VPC.

Also, Amazon EMR Studio uses two security groups (engine security group and Workspace security group). These security groups are used to control traffic between Amazon EMR Studio Workspaces and the attached Amazon EMR cluster. Make sure that you create security groups that have valid inbound and outbound rules are attached to the Workspace.

Workspaces fail to load because of a network error or other unknown reasons

If your Workspace fails to load because of a network failure or unknown reasons, then you might experience the following error:

"Failed to load Workspaces. Network error or other unknown reasons."

The failed to load Workspaces error might occur because of network issues, policy misconfigurations, or resource access limitations. To resolve this error, make sure that the Amazon EMR Studio service role has the required permissions to communicate between a Workspace and a cluster. For more information, see Create an EMR Studio service role.

Workspaces are missing or can't be deleted

This issue occurs when Workspace collaboration is turned on for the Workspace. When you turn on collaboration, only you and the specified collaborators can see the Workspace on the list on the Studio Workspaces page. Users that aren't specified as collaborators can't see the Workspace.

To resolve this issue, contact the Workspace owner and request to be a collaborator with the same AWS Identity and Access Management (IAM) identity type. For example, an IAM user can only add other IAM users and an IAM Identity Center user can only add other IAM Identity Center users. For more information, see Configure Workspace collaboration.

A Workspace (notebook) is stopped and the service role doesn't have the required permissions

Note: If you receive errors when you run AWS Command Line Interface (AWS CLI) commands, then see Troubleshoot AWS CLI errors. Also, make sure that you're using the most recent AWS CLI version.

This issue occurs when you don't have the required permissions to set up a Workspace. To resolve this issue, locate the encoded error message and decode the error to identify the missing permissions. Then, add the missing permissions to your service role.

To decode the encoded error message and identify the missing permissions, use the decode-authorization-message command:
Note: Replace example-encoded-message with the encoded message.

aws sts decode-authorization-message --encoded-message <example-encoded-message>

Also, you can use AWS CloudTrail to check the encoded error message. To do this, check the CloudTrail event that has the event name CreateNetworkInterfacePermission.

Example CloudTrail event:

eventId f3169d06-41ba-4a7d-af52-fd2e971d6adb 
eventName CreateNetworkInterfacePermission 
eventSource ec2.amazonaws.com arn arn:aws:iam::902870808158:role/DataPipelineDefaultRole userName DataPipelineDefaultRole 
errorCode Client.UnauthorizedOperation 
errorMessage You are not authorized to perform this operation. Encoded authorization failure message: XvTYdn-URZ7DZc0Twr ... //omitted
AWS OFFICIAL
AWS OFFICIALUpdated a month ago