Hi, have you created the relevant resource links in the Lake Formation console of your target account? If not yet done, then please follow the given documentation and set up the shared tables in your target account. In case both the source S3 bucket and the source table in Glue are encrypted with different KMS keys, then permissions must be given to both of the keys. If both belong to different accounts, then you will have to provide both the resource-based and identity-based permissions.
In my experience, the error you are seeing arises when the key policy of the KMS key is not properly defined such that it allows cross-account access to the key. Thus, please verify it once.
It might be better if you reach out to a Premium Support engineer of the Security team, as they will be able to have a look at your policies and find out the exact root cause of the error.
Hi Chaitu, sorry for the late response. I did create the resource links and the key policy was also correctly defined. But it was caused by the KMS key issue because originally my S3 buckets were encrypted with S3-SSE (which does not support cross-account access) and I switched to KMS encryption after I granted the cross-account access through Lake Formation. I finally destroyed the infrastructure and redeployed, and everything worked. I felt that I should have changed S3 encryption from S3-SSE to KMS encryption before I implemented the cross-account access. Thank you very much.
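The answer above says cross-account use of a KMS key needs both a resource-based grant (the key policy) and an identity-based grant in the other account. The following is an added example, not code from the thread or from AWS: a simplified offline check of both sides. The account IDs, role name, key ID and the choice of `kms:Decrypt` and `kms:DescribeKey` as the needed actions are assumptions, and the policies are constructed samples trimmed to their `Statement` element.

```python
from fnmatch import fnmatchcase

# Constructed sample values: account IDs, role name and key ID are placeholders.
KEY_ARN = "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"
ROLE_ARN = "arn:aws:iam::444455556666:role/ExampleAnalystRole"
NEEDED = ["kms:Decrypt", "kms:DescribeKey"]  # assumed read-path actions
OWNER_ONLY = {"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
              "Action": "kms:*", "Resource": "*"}
SHARED = {"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::444455556666:root"},
          "Action": NEEDED, "Resource": "*"}
KEY_POLICY_BROKEN = {"Statement": [OWNER_ONLY]}        # no cross-account statement
KEY_POLICY_FIXED = {"Statement": [OWNER_ONLY, SHARED]}
IDENTITY_POLICY = {"Statement": [{"Effect": "Allow", "Action": NEEDED, "Resource": KEY_ARN}]}

def _as_list(v):
    return v if isinstance(v, list) else [v]

def _principal_matches(stmt, principal_arn):
    # Identity-based policies carry no Principal element, so they always apply.
    if stmt.get("Principal", "*") == "*":
        return True
    account = principal_arn.split(":")[4]
    # An account root principal delegates to IAM policies in that account.
    accepted = {"*", principal_arn, account, f"arn:aws:iam::{account}:root"}
    return any(p in accepted for p in _as_list(stmt["Principal"].get("AWS", [])))

def allows(policy, principal_arn, action, resource):
    """Simplified check: explicit Deny wins; Condition blocks are not evaluated."""
    allowed = False
    for stmt in _as_list(policy["Statement"]):
        if (_principal_matches(stmt, principal_arn)
                and any(fnmatchcase(action.lower(), a.lower()) for a in _as_list(stmt["Action"]))
                and any(fnmatchcase(resource, r) for r in _as_list(stmt["Resource"]))):
            if stmt["Effect"] == "Deny":
                return False
            allowed = True
    return allowed

def cross_account_gaps(key_policy, identity_policy):
    """Return (policy side, action) pairs that still block ROLE_ARN from using KEY_ARN."""
    gaps = []
    for action in NEEDED:
        for side, policy in (("key policy", key_policy), ("identity policy", identity_policy)):
            if not allows(policy, ROLE_ARN, action, KEY_ARN):  # key policy "*" means this key
                gaps.append((side, action))
    return gaps

if __name__ == "__main__":
    print("before:", cross_account_gaps(KEY_POLICY_BROKEN, IDENTITY_POLICY))
    print("after: ", cross_account_gaps(KEY_POLICY_FIXED, IDENTITY_POLICY))
```

An empty result means both sides grant the listed actions under this simplified model; the IAM policy simulator and CloudTrail remain the authoritative sources for real denials.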