Access Denied for Data Analysis and Visualization in AWS Workshop

Ensure that the IAM role AWSGlueDataBrewServiceRole-data-analyst has trust relationships with the Glue service. Here's a sample trust policy assuming Glue is the service requiring access:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "glue.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}

Update the IAM policy attached to the role AWSGlueDataBrewServiceRole-data-analyst to allow the necessary S3 actions (s3:ListBucket, s3:GetObject, etc.) on the specific bucket (s3://my-bucket-311516367207/data-analysis-lab/). Here's a sample IAM policy:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:ListBucket",
        "s3:GetObject"
      ],
      "Resource": [
        "arn:aws:s3:::my-bucket-311516367207/data-analysis-lab",
        "arn:aws:s3:::my-bucket-311516367207/data-analysis-lab/*"
      ]
    }
  ]
}

(Optional): Ensure that the S3 bucket (my-bucket-311516367207) has a policy allowing the necessary actions for the IAM role. Here's a sample bucket policy:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::311516367207:role/AWSGlueDataBrewServiceRole-data-analyst"
      },
      "Action": [
        "s3:ListBucket",
        "s3:GetObject"
      ],
      "Resource": [
        "arn:aws:s3:::my-bucket-311516367207/data-analysis-lab/",
        "arn:aws:s3:::my-bucket-311516367207/data-analysis-lab/*"
      ]
    }
  ]
}