AWS Lake Formation: (AccessDeniedException) when calling the GetTable operation: Insufficient Lake Formation permission(s) on table

0

I have implemented Lake Formation on my data bucket.

I have a step function in which one step consists of running a GlueJob that reads and writes to the data catalog.

I have upgraded my DataLake permissions as reported here.

The Service Role that runs my Step Function has a root-type policy (granted just for debugging this issue):

        Statement:
          - Effect: "Allow"
            Action: 
              - "*"
            Resource: 
              - "*"   

On Lake Formation the service role has:

  • Administrator Rights
  • Database Creation rights (and Grantable)
  • Data Location access to the entire bucket (and Grantable)
  • Super rights on read and write Database (and Grantable)
  • Super rights on ALL tables within above Databases (and Grantable).

The bucket is not encrypted.

But, somehow, its access to the tables is denied with the error:

(AccessDeniedException) when calling the GetTable operation: Insufficient Lake Formation permission(s) on table

What's really strange is that the Glue Job succeeds when writing to some tables, and fails on others. And there is no real substantial difference across tables: all of them are under the same S3 prefix, parquet files, partitioned on the same key.

Given the abundance of permissions granted, I am really clueless about what is causing the error.

Please, send help.

1 Answer
0

Hi,

You have mentioned that your state machine has all permissions, but can you please confirm whether your Glue IAM role has permissions?

Please make sure your Glue job IAM role has Glue permissions on your Glue catalog.

Reference: https://docs.aws.amazon.com/glue/latest/dg/using-identity-based-policies.html#identity-policy-examples

Also, please verify from Lake Formation "Data lake permissions" that your Glue job IAM role has permission on the Lake Formation DB/table.

I hope this helps!

Thanks,

Tejal

AWS
Tejal_G
answered 2 years ago
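
The check suggested in the answer above, as an added example that is not part of the original thread or any AWS code: it compares table-level Lake Formation grants for the Step Functions role and for the role the Glue job actually runs as. The role ARNs, database and table names, and the `NEEDED` permission set are constructed assumptions; the entries follow the shape of the `PrincipalResourcePermissions` list returned by Lake Formation `ListPermissions`.

```python
# Constructed sample data; ARNs, database and table names are made up.
SFN_ROLE = "arn:aws:iam::111122223333:role/example-stepfn-role"
GLUE_ROLE = "arn:aws:iam::111122223333:role/example-glue-job-role"

def _entry(arn, db, perms, table=None):
    """Build one ListPermissions-shaped entry; table=None means TableWildcard."""
    t = {"DatabaseName": db}
    if table is None:
        t["TableWildcard"] = {}
    else:
        t["Name"] = table
    return {"Principal": {"DataLakePrincipalIdentifier": arn},
            "Resource": {"Table": t}, "Permissions": perms}

SAMPLE = [
    _entry(SFN_ROLE, "sales", ["ALL"]),  # "Super" on all tables
    _entry(GLUE_ROLE, "sales", ["SELECT", "DESCRIBE"], "orders"),
    _entry(GLUE_ROLE, "sales", ["ALL"], "customers"),
]

def table_grants(entries, principal_arn):
    """Map (database, table) -> permissions held; wildcard grants use '*'."""
    granted = {}
    for e in entries:
        if e["Principal"]["DataLakePrincipalIdentifier"] != principal_arn:
            continue
        table = e.get("Resource", {}).get("Table")
        if table is None:
            continue  # not a table-level grant; skipped here
        name = "*" if "TableWildcard" in table else table["Name"]
        key = (table["DatabaseName"], name)
        granted.setdefault(key, set()).update(e["Permissions"])
    return granted

def missing_grants(entries, principal_arn, tables, needed):
    """Return {(db, table): [permissions the principal lacks]}."""
    granted = table_grants(entries, principal_arn)
    report = {}
    for db, name in tables:
        held = granted.get((db, name), set()) | granted.get((db, "*"), set())
        lacking = set() if "ALL" in held else set(needed) - held
        if lacking:
            report[(db, name)] = sorted(lacking)
    return report

TABLES = [("sales", "orders"), ("sales", "customers"), ("sales", "refunds")]
NEEDED = ["SELECT", "INSERT", "DESCRIBE"]  # assumption: job reads and writes

if __name__ == "__main__":
    for role in (SFN_ROLE, GLUE_ROLE):
        print(role, missing_grants(SAMPLE, role, TABLES, NEEDED))
```

Against a real account, the entries would come from Lake Formation `ListPermissions` and the principal to check is the role configured on the Glue job itself (the `Role` field of the Glue `GetJob` response), not the state machine's role.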
