Try the following:
In the IAM console, create a role with the following policies:
AmazonRDSReadOnlyAccess (or full access if you need to write to the db)
AWSGlueServiceRole
AWSGlueConsoleFullAccess
AmazonS3FullAccess
AmazonEC2FullAccess (this might not be necessary)
This should solve the IAM role problem.
As for the security group, you need to have a self-referenced security group. So create a new security group with a rule as follows:
Type = All TCP
Protocol = TCP
Port Range = 0 - 65535
Source = *
Description = whatever you want (e.g. self-reference rule)
You put the security group ID (e.g. sg-096f6b7f4f2692t61) of the security group itself.
Note: I'm not sure you immediately have the security group ID at the time of creation. If not, when creating the security group add an All TCP rule with your IP as source, then once created, add the above-mentioned rule.
Now if you use that role and that security group in your Glue connection it should work.
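The self-referencing rule described in the answer above can be checked offline against the JSON that `aws ec2 describe-security-groups` returns. This is an added example, not part of the original post: the group IDs and the sample response are constructed, and counting an all-protocol rule as covering "All TCP" is an assumption.

```python
# Constructed sample in the shape of an EC2 DescribeSecurityGroups response.
# Group IDs are placeholders, not values from the thread.
SAMPLE = {"SecurityGroups": [
    {"GroupId": "sg-EXAMPLE-SELF", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
         "UserIdGroupPairs": [{"GroupId": "sg-EXAMPLE-SELF"}], "IpRanges": []}]},
    {"GroupId": "sg-EXAMPLE-MYIP", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
         "UserIdGroupPairs": [], "IpRanges": [{"CidrIp": "203.0.113.10/32"}]}]},
    {"GroupId": "sg-EXAMPLE-OPEN", "IpPermissions": [
        {"IpProtocol": "-1", "UserIdGroupPairs": [],
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
]}


def covers_all_tcp(perm):
    """True if the inbound rule allows every TCP port.

    Assumption: an all-protocol rule ("-1") is treated as covering all TCP.
    """
    if perm.get("IpProtocol") == "-1":
        return True
    if perm.get("IpProtocol") != "tcp":
        return False
    return perm.get("FromPort", 1) <= 0 and perm.get("ToPort", 0) >= 65535


def check_group(group):
    """Report whether a group has the self-referencing all-TCP rule, and
    whether it instead (or also) opens all TCP ports to 0.0.0.0/0."""
    status = {"self_reference": False, "open_to_internet": False}
    for perm in group.get("IpPermissions", []):
        if not covers_all_tcp(perm):
            continue
        sources = {p.get("GroupId") for p in perm.get("UserIdGroupPairs", [])}
        if group["GroupId"] in sources:
            status["self_reference"] = True
        if any(r.get("CidrIp") == "0.0.0.0/0" for r in perm.get("IpRanges", [])):
            status["open_to_internet"] = True
    return status


def audit(response):
    """Map each group ID to its check_group() result."""
    return {g["GroupId"]: check_group(g) for g in response["SecurityGroups"]}


if __name__ == "__main__":
    for gid, status in audit(SAMPLE).items():
        print(gid, status)
```

A group that reports `self_reference: False` matches the situation in the error message quoted later in the thread; `open_to_internet: True` flags a rule that is broader than the self-reference the answer describes.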
Hi fabioSama,
I have changed the security group like you said, but right now I still get this error when I run my crawler with the IAM console. Sorry for replying so late.
ERROR : At least one security group must open all ingress ports.To limit traffic, the source security group in your inbound rule can be restricted to the same security group
(Service: AWSGlueJobExecutor; Status Code: 400; Error Code: InvalidInputException; ...)
Found the way to correct this. First create a NAT gateway and connect it with your route table, then it will work perfectly.
Apparently you need a NAT Gateway if "your job needs to access both VPC resources and the public internet, the VPC needs to have a Network Address Translation (NAT) gateway inside the VPC."
https://docs.aws.amazon.com/glue/latest/dg/start-connecting.html