I am trying to create a glue notebook using an IAM role that has policies 'AWSGlueConsoleFullAccess', 'AWSGlueServiceNotebookRole' and a custom policy as below:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"glue:CreateJob",
"glue:StartJobRun",
"glue:GetJobRun",
"glue:GetJobRuns",
"glue:GetJob",
"glue:GetJobs",
"glue:BatchStopJobRun",
"glue:Start*",
"glue:Get*",
"glue:List*"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"glue:StartNotebook",
"glue:TerminateNotebook",
"glue:GlueNotebookRefreshCredentials",
"glue:DeregisterDataPreview",
"glue:GetNotebookInstanceStatus",
"glue:GlueNotebookAuthorize"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetBucketLocation",
"s3:GetObject",
"s3:PutObject"
],
"Resource": [
"arn:aws:s3:::aws-glue*",
"arn:aws:s3:::aws-glue*/"
]
},
{
"Effect": "Allow",
"Action": [
"glue:CreateWorkflow",
"glue:GetWorkflow",
"glue:BatchStopJobRun",
"glue:CreateTrigger",
"glue:GetTriggers",
"glue:DeleteWorkflow"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "iam:PassRole",
"Resource": [
"arn:aws:iam::123456789123:user/foo",
"arn:aws:iam::123456789123:user/bar",
"arn:aws:iam::123456789123:user/xyz"
]
}
]
}
Role trust relationship looks like below
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "glue.amazonaws.com",
"AWS": [
"arn:aws:iam::123456789123:user/foo",
"arn:aws:iam::123456789123:user/bar",
"arn:aws:iam::123456789123:user/xyz"
]
},
"Action": "sts:AssumeRole"
}
]
}
But notebook creation fails with 'Failed to start notebook' error with no further details. Debug console for the browser throws below error
Access to XMLHttpRequest at 'https://us-east-1.ctrl.prod.os.notifications.*****/notification-hubs' from origin 'https://us-east-1.console.aws.amazon.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
Can you help debug the issue? At this point, I have tried everything from other stack overflow links, changing browser and adding CORS unblock extension but nothing works.