Glue Service error - Denied Access

0

When I click the "Create Crawler" button in the AWS Glue service, it fails. But I set up the generated IAM Role with the permission policy "AdministratorAccess" for this subscribed account. Please help me solve this issue. Thank you so much.

My error: Account xxxxxxxxxxxx denied access

Asked a year ago · 324 views
2 Answers
0

Verify that your AWS account has sufficient permissions to use the AWS Glue service. Specifically, ensure that the IAM user or role you're using to access AWS Glue has the "glue:*" permissions or specific permissions for the actions you want to perform.

Answered a year ago
0

Hi, thank you for your question!

Let me start by providing this documentation of a step-by-step guide on how to create an AWS Glue crawler that you can follow along: https://docs.aws.amazon.com/glue/latest/ug/tutorial-add-crawler.html#tutorial-add-crawler-step1

If you encounter an "Access Denied" error when trying to create a crawler in AWS Glue, even though you have configured the IAM Role with "AdministratorAccess," there could be several reasons for this issue. Here are some steps you can take to troubleshoot and resolve the problem.

First, you need to verify the trust relationship. Ensure that the trust relationship for the IAM Role allows AWS Glue to assume the role. The trust relationship should have a policy document that includes "glue.amazonaws.com" as a trusted entity.

Second, check if there are any resource-based policies attached to the AWS Glue resources (e.g., S3 buckets, databases) that might be restricting access. Resource-based policies can override permissions granted through IAM roles.

In case you are using a VPC, you can also check if the AWS Glue service has VPC endpoint access enabled and that it is configured correctly.

Finally, you can also review your CloudTrail logs to check for any detailed error messages or additional information about the "Access Denied" error. CloudTrail logs can provide insights into the exact actions that were denied and the reason for the denial. You can filter by the Event Source with the value "glue.amazonaws.com" to locate failed CloudTrail events specific to the Glue service. To learn more about viewing CloudTrail events in the CloudTrail console, you can refer to the following documentation: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/view-cloudtrail-events-console.html#filtering-cloudtrail-events

Hope this helps!

AWS
Answered 9 months ago
