By using AWS re:Post, you agree to the Terms of Use

Unable to run/create glue job from root user & getting AccessDeniedException

0

First, glue job failed with exception "failed to execute with exception Task allocated capacity exceeded limit."(Service: AWSGlueJobExecutor; Status Code: 400; Error Code: InvalidInputException; Request ID: <req-id>; Proxy: null) because of Max task dpus per account quota reduced to zero internally by AWS. So requested to increase quota which AWS instantly approved.

But since then, unable to run glue jobs & getting AccessDeniedException. [gluestudio-service.ap-south-1.amazonaws.com] startJobRun: AccessDeniedException: Account <account-id> is denied access. (Service: AWSGlue; Status Code: 400; Error Code: AccessDeniedException; Request ID: <req-id>; Proxy: null)

Also, unable to create a new glue job. getting error "Failed to update job [gluestudio-service.ap-south-1.amazonaws.com] createJob: AccessDeniedException: Account <acc-id> is denied access."

Update: My issue is resolved. Contact AWS Support, create case and ask them to allow you to access glue service.

  • Hello,

    Where is the data being stored that you are processing in glue? Also, if you do run the job with an IAM role, what are the permissions set on the role?

  • Hi Joshua_B, The Glue job is reading an object from one s3 bucket & after processing writing it back to some other bucket.
    The IAM Role for glue job has two policies attached - AmazonS3FullAccess & AWSGlueServiceRole. Also, tried running the same glue job from the IAM user which has the AdministratorAccess policy attached. but still getting the same AccessDeniedException.

  • We're having the same problem since yesterday in region us-east-1. Nothing changed, suddenly we cannot start our Glue jobs anymore with this error: Failed to start job [gluestudio-service.us-east-1.amazonaws.com] startJobRun: AccessDeniedException: Account <MY_ACCOUNT_NUMBER> is denied access. (Service: AWSGlue; Status Code: 400; Error Code: AccessDeniedException; Request ID: <MY_REQUEST_ID>; Proxy: null)

4 Answers
0
Accepted Answer

Update: My issue is resolved. Contact AWS Support, create case and ask them to allow you to access glue service.

answered 8 days ago
0

Hello all. I am having the exact same problem. I was able to create and run crawlers 2 weeks ago with no problems. Suddenly, yesterday I started receiving the same error message as OP with "<accountID> is denied access". I have been all through the Glue documentation and followed the instructions on roles, policies, permissions, etc., but it has not helped at all. I really didn't think it was my roles/permissions settings causing the problem because I have been able to create crawlers in the past that did not have the correct roles/policies/permissions, and the crawlers were created and run, but they just failed. Now I cannot even CREATE a crawler. Region us-east-1.

answered 19 days ago
0

Update: After reading this post, I decided to try creating a crawler in another region. I usually use us-east-1, which is where I was encountering the error. I tried creating a crawler in us-east-2 and got the same error. I then tried us-west-1 and was able to create a crawler.

I'm just a bootcamp student and have less than 6 months of experience using AWS, but this tells me that the problem isn't anything to do with roles, permissions, policies, etc. in our accounts. There is a problem with at least the us-east-1 and us-east-2 regions accessing the Glue service.

Hope this helps!

answered 19 days ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions