- 최신
- 최다 투표
- 가장 많은 댓글
It turns out, the objects in the bucket were encrypted with a specific KMS key, even though the bucket settings were set to use an Amazon S3-managed key (SSE-S3). So the error message was correct.
When I exported from HealthLake to S3, it prompted me to create or provide a KMS key to encrypt the output data, so that overrode the bucket-wide encryption settings.
Once I updated the KMS key policy to allow the Glue Crawler's Role and I used a single-region instead of a multi-region KMS key, the error went away.
Thank you Yann,
The section that states 'updated the KMS key policy to allow the Glue Crawler's Role' is what helped me.
I clicked on my KMS Key that I created for moving Healthlake data to S3 and added the IAM role I created for my Glue job (starts with AWSGlueServiceRole) to both 'Key administrators' and 'Key users.'
That did the trick!