By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Glue Job Error An error occurred while calling o98.parquet. Access Denied

0

Hi Team, I am trying to archive the mongodb data to S3 as parquet format using AWS Glue job, so that i have created spark script. When i am run the script i am getting below error.

An error occurred while calling o98.parquet. Access Denied (Service: Amazon S3; Status Code: 403; Error Code: AccessDenied; Request ID: <REQUESTID>; S3 Extended Request ID: <RANDOMID>==; Proxy: null)

How to resolve this issue, can someone help me to overcome this issue.

Thanks.

  • Arthur Lopes
    8 months ago

    Does the role attached to the glue job has permission to put objects on the desired bucket ?

Topics
Migration & ModernizationAnalyticsDatabase
Tags
AWS Database Migration ServiceAWS Glue DataBrewAmazon DocumentDBAWS GlueAWS Glue for Ray
Language
English
Krishnakumar
asked 8 months ago884 views
1 Answer
0

I've seen this issue quite a few times myself. Here is how I'd troubleshoot this issue:

First check if glue job service role has write access to S3 bucket and if S3 bucket is SSE-KMS CMK encrypted, then you need to grant your glue job service that KMS key access too. Additionally make sure there are no explicit deny in KMS key policy and bucket policyl, otherwise you'll need to update KMS Key policy and bucket policy allowing glue job service role access to it.

If you have cloudtrail enabled for data events, query the cloudtrail data through Athena for that request id. Most likely you'll see that your glue job is trying to put/get/delete something from a random temp bucket. And if that would not be the case, then you'll se which bucket, what action is being denied. On that basis, add those permissions to your glue job service role and run the job again.

Additionally refer Encrypting data written by AWS Glue.

Hope you find this helpful.

Comment here if you have additional questions, happy to help.

Abhishek

profile pictureAWS
EXPERT
secondabhi_aws
answered 8 months ago
profile picture
EXPERT
Giovanni Lauria
reviewed 24 days ago
  • Arthur Lopes
    8 months ago

    Or he is just missing permission on the given bucket he's trying to write the final result.

  • secondabhi_aws EXPERT
    8 months ago

    Yes, absolutely that can be the reason. I should probably mention second part of my answer first. :) With glue, sometimes it becomes little intricate to find the actual cause since spark is involved. First thing is definitely check the s3 bucket and it's KMS key, if glue job service role has access to this bucket and it's KMS key, also make sure there are no explicit deny in KMS key and s3 bucket policy as well. But if that doesn't resolve the issue, then I'd suggest to check the cloudtrail and make sure you know that exact cause.

  • secondabhi_aws EXPERT
    8 months ago

    Were you able to find the cause of the issue. Do you have any additional questions, feel free to comment here.

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content