Glue Service error - Denied Access

0

When I click the "Create Crawler" button in the AWS Glue service, it fails. But I set up a generated IAM Role with the permission policy "AdministratorAccess" for this subscribed account. Please help me solve this issue. Thank you so much.

my error: Account xxxxxxxxxxxx denied access

asked a year ago, 312 views
2 Answers
0

Verify that your AWS account has sufficient permissions to use the AWS Glue service. Specifically, ensure that the IAM user or role you're using to access AWS Glue has the "glue:*" permissions or specific permissions for the actions you want to perform.

answered a year ago
0

Hi, thank you for your question!

Let me start by providing this documentation of a step-by-step guide on how to create an AWS Glue crawler that you can follow along: https://docs.aws.amazon.com/glue/latest/ug/tutorial-add-crawler.html#tutorial-add-crawler-step1

If you encounter an "Access Denied" error when trying to create a crawler in AWS Glue, even though you have configured the IAM Role with "AdministratorAccess," there could be several reasons for this issue. Here are some steps you can take to troubleshoot and resolve the problem.

First, you need to verify the trust relationship. Ensure that the trust relationship for the IAM Role allows AWS Glue to assume the role. The trust relationship should have a policy document that includes "glue.amazonaws.com" as a trusted entity.

Second, check if there are any resource-based policies attached to the AWS Glue resources (e.g., S3 buckets, databases) that might be restricting access. Resource-based policies can override permissions granted through IAM roles.

In case you are using a VPC, you can also check if the AWS Glue service has VPC endpoint access enabled and that it is configured correctly.

Finally, you can also review your CloudTrail logs to check for any detailed error messages or additional information about the "Access Denied" error. CloudTrail logs can provide insights into the exact actions that were denied and the reason for the denial. You can filter by the Event Source with the value "glue.amazonaws.com" to locate failed CloudTrail events specific to the Glue service. To learn more about viewing CloudTrail events in the CloudTrail console, you can refer to the following documentation: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/view-cloudtrail-events-console.html#filtering-cloudtrail-events

Hope this helps!

AWS
answered 9 months ago
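
The trust-relationship check and the CloudTrail filter described in the answer above, as an added example that is not part of the original answers or AWS's own code. It runs offline on constructed inputs: the two trust policies, the account number and the event records are made up for illustration, and the helper names are hypothetical.

```python
import json

GLUE = "glue.amazonaws.com"

def _as_list(value):
    """IAM JSON accepts a single value wherever a list is allowed."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def glue_can_assume(trust_policy):
    """True if an Allow statement names Glue as a service principal for
    sts:AssumeRole. Condition blocks are not evaluated (simplification)."""
    for stmt in _as_list(trust_policy.get("Statement")):
        principal = stmt.get("Principal")
        services = _as_list(principal.get("Service")) if isinstance(principal, dict) else []
        actions = [a.lower() for a in _as_list(stmt.get("Action"))]
        if (stmt.get("Effect") == "Allow" and GLUE in services
                and any(a in ("sts:assumerole", "sts:*", "*") for a in actions)):
            return True
    return False

def denied_glue_events(records):
    """(eventName, errorCode, errorMessage) for Glue calls that were denied."""
    return [(r.get("eventName"), r["errorCode"], r.get("errorMessage", ""))
            for r in records
            if r.get("eventSource") == GLUE and "AccessDenied" in r.get("errorCode", "")]

# Constructed trust policies: the first trusts only EC2, the second also trusts Glue.
TRUST_EC2_ONLY = json.loads("""{"Version": "2012-10-17", "Statement": {
  "Effect": "Allow", "Principal": {"Service": "ec2.amazonaws.com"},
  "Action": "sts:AssumeRole"}}""")
TRUST_WITH_GLUE = json.loads("""{"Version": "2012-10-17", "Statement": [{
  "Effect": "Allow",
  "Principal": {"Service": ["ec2.amazonaws.com", "glue.amazonaws.com"]},
  "Action": "sts:AssumeRole"}]}""")

# Constructed CloudTrail records (account ID and messages are made up).
SAMPLE_EVENTS = [
    {"eventSource": "glue.amazonaws.com", "eventName": "GetDatabases"},
    {"eventSource": "s3.amazonaws.com", "eventName": "GetObject", "errorCode": "AccessDenied"},
    {"eventSource": "glue.amazonaws.com", "eventName": "CreateCrawler",
     "errorCode": "AccessDeniedException",
     "errorMessage": "Account 111122223333 denied access"},
]

if __name__ == "__main__":
    print("EC2-only role usable by Glue:", glue_can_assume(TRUST_EC2_ONLY))
    print("Role trusting Glue usable:", glue_can_assume(TRUST_WITH_GLUE))
    for event in denied_glue_events(SAMPLE_EVENTS):
        print("denied:", event)
```

A role can carry "AdministratorAccess" and still fail the first check, because the permission policy and the trust policy are separate documents.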
