- Newest
- Most votes
- Most comments
Hi,
There are many possible reasons to cause this error.
Could you please paste the role in this post or review the role Default execution role assign to the Amazon SageMaker Domain user profile that ensures you have the permission to create S3 bucket?
Thanks,
I am getting the same error following the instructions at the page. https://catalog.us-east-1.prod.workshops.aws/workshops/013df096-dacc-4da7-8a38-a16a6c709f75/en-US/100-getting-started/102-in-your-own-account
I get the error after step 8, when I click on Submit.
"Could not create domain due to S3 bucket creation failure."
Any help is appreciated.
I am able to create domain successfully now, without any changes. So not sure, what really happened between yesterday and today.
Thank you for the reply.
I try to follow the documentation and am able to create a Sagemaker domain successfully.
To debug, please try to attach AmazonS3FullAccess policy to your Default execution role and try again to see if it works. Then remove the AmazonS3FullAccess, modify your policy as below and try again.
"Effect": "Allow",
"Action": [
"s3:GetObject",
"s3:PutObject",
"s3:DeleteObject",
"s3:AbortMultipartUpload"
],
"Resource": ["*"]
In general, the Resource types column indicates whether each action supports resource-level permissions. The S3 actions support multiple S3 resource types, please find more information here: https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazons3.html#amazons3-actions-as-permissions
Thanks,
Thanks for your suggestions. I tried adding
AmazonS3FullAccessto the role, which didn't work, so then I also tried copying your suggested policy and adding to the role, which also did not work. I even tried with both policies at once, and it STILL didn't work. I get the same "Could not create domain due to S3 bucket creation failure." error every time. Is there any way to get more detailed/useful information to debug this issue?
When onboarding SageMaker Studio and creating domain, the S3 bucket is created using the login role/user of the console, not the execution role. The execution role is only useful when the domain has been created successfully.
Please check the permissions of role used to login console and create domain. Not the domain execution role specified in domain creation. In general, creating a domain requires an admin/power user level role, which will create buckets, roles, policies plus other lots of things. Normal users generally don't have such permissions.
I have admin access and i faced this error, This can also be because you exceeded maximum number of buckets allocated per account which is 100. I went ahead and deleted a few buckets and requested a higher limit. Hope this helps.
Relevant content
- asked 3 months ago
- asked 7 months ago
AWS OFFICIALUpdated a year ago- AWS OFFICIALUpdated 8 months ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 3 days ago
And, later on in the same policy,
"Effect": "Allow", "Action": [ "s3:CreateBucket", "s3:GetBucketLocation", "s3:ListBucket", "s3:ListAllMyBuckets", "s3:GetBucketCors", "s3:PutBucketCors" ], "Resource": "*" The latter section seems to have permissions to create s3 buckets, but maybe I am misunderstanding
I checked the execution role and see the following permissions enabled (these are included in the AmazonSageMakerFullAccess policy attached to the role):
"Effect": "Allow", "Action": [ "s3:GetObject", "s3:PutObject", "s3:DeleteObject", "s3:AbortMultipartUpload" ], "Resource": [ "arn:aws:s3:::SageMaker", "arn:aws:s3:::Sagemaker", "arn:aws:s3:::sagemaker", "arn:aws:s3:::aws-glue" ]