- Newest
- Most votes
- Most comments
Update: My issue is resolved. Contact AWS Support, create case and ask them to allow you to access glue service.
I am facing the same issue and AWS support tells me to upgrade support plan to allow me post questions in "Technical" section. This is pretty weird. Could you please share in what section did you create ticket and what did you specify. Thank you!
We still have the same problem; even with sub-accounts of a totally new account. It seems like more and more people have the same issue:
- https://stackoverflow.com/questions/73126691/access-denied-for-glue-job-in-terraform
- https://stackoverflow.com/questions/73233710/awsglue-accessdeniedexception-status-code-400
- https://stackoverflow.com/questions/73202225/access-denied-when-create-aws-glue-crawler
- https://stackoverflow.com/questions/73254895/aws-glue-gives-accessdeniedexception
- https://repost.aws/questions/QUhxdKlj4VSF-dzTXo7Xt3Iw/aws-glue-access-denied-exception-status-code-400
- https://repost.aws/questions/QU7wLjCe0rR_Wp5VFgVKTIbg/unable-to-run-create-glue-job-from-root-user-getting-access-denied-exception
Hello all. I am having the exact same problem. I was able to create and run crawlers 2 weeks ago with no problems. Suddenly, yesterday I started receiving the same error message as OP with "<accountID> is denied access". I have been all through the Glue documentation and followed the instructions on roles, policies, permissions, etc., but it has not helped at all. I really didn't think it was my roles/permissions settings causing the problem because I have been able to create crawlers in the past that did not have the correct roles/policies/permissions, and the crawlers were created and run, but they just failed. Now I cannot even CREATE a crawler. Region us-east-1.
Update: After reading this post, I decided to try creating a crawler in another region. I usually use us-east-1, which is where I was encountering the error. I tried creating a crawler in us-east-2 and got the same error. I then tried us-west-1 and was able to create a crawler.
I'm just a bootcamp student and have less than 6 months of experience using AWS, but this tells me that the problem isn't anything to do with roles, permissions, policies, etc. in our accounts. There is a problem with at least the us-east-1 and us-east-2 regions accessing the Glue service.
Hope this helps!
Relevant content
- asked 3 years ago
- asked 2 years ago
AWS OFFICIALUpdated 2 years ago- AWS OFFICIALUpdated 3 years ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated a year ago
Hello,
Where is the data being stored that you are processing in glue? Also, if you do run the job with an IAM role, what are the permissions set on the role?
Hi Joshua_B, The Glue job is reading an object from one s3 bucket & after processing writing it back to some other bucket.
The IAM Role for glue job has two policies attached - AmazonS3FullAccess & AWSGlueServiceRole. Also, tried running the same glue job from the IAM user which has the AdministratorAccess policy attached. but still getting the same AccessDeniedException.
We're having the same problem since yesterday in region us-east-1. Nothing changed, suddenly we cannot start our Glue jobs anymore with this error: Failed to start job [gluestudio-service.us-east-1.amazonaws.com] startJobRun: AccessDeniedException: Account <MY_ACCOUNT_NUMBER> is denied access. (Service: AWSGlue; Status Code: 400; Error Code: AccessDeniedException; Request ID: <MY_REQUEST_ID>; Proxy: null)