Query Failure - Access Denied against search query data


Hi, I am trying to run a query against search data, the query runs as expected but after about 25 seconds of run time, it fails and this error message appears:

com.amazonaws.services.s3.model.AmazonS3Exception: Access Denied (Service: Amazon S3; Status Code: 403; Error Code: AccessDenied; Request ID: NMT57WVN0MW5P8PV; S3 Extended Request ID: LE/hKMI41yDhagTSBC8fO64gl/qsEg1WFYiuwHauJ6Y0TvfYrKlE3qyqXq4e3asgwokeiAvEvNQ=; Proxy: null), S3 Extended Request ID: LE/hKMI41yDhagTSBC8fO64gl/qsEg1WFYiuwHauJ6Y0TvfYrKlE3qyqXq4e3asgwokeiAvEvNQ= (Bucket: searchdata-core-tommy-query-groups-v2-anonymized-prod, Key: tommy-query-groups-anonymized-parquet/us/20230802/) This query ran against the "searchdata" database, unless qualified by the query. Please post the error message on our forum or contact customer support with Query Id: 22490b2a-9565-4a50-a4d2-77340442389f

I need a place to start or a little more detail in order to root cause this issue. I can confirm someone else in my team ran a similar query and it also failed for them- seems like a permissions issue, maybe, but I need help to be pointed in the right direction to root cause.

Thank you!

asked 3 months ago151 views
1 Answer
Accepted Answer

Based on the error message, it seems like the issue is related to permissions on the S3 bucket that your query is trying to access. A few things to check:

  • Make sure the IAM role or user that is running the query has the necessary S3 permissions to access the objects in the S3 bucket. Specifically, it needs s3:GetObject permission on the bucket/objects.

  • Check if the bucket policy allows access from the account that is running the query. The bucket policy may be restricting access after some time.

  • Try running the query on a smaller subset of data or for a shorter time period to see if it completes successfully. This can help narrow down if it's a timeout or permission issue.

  • Check CloudTrail logs to see if there are any relevant ACCESS_DENIED or AUTHORIZATION_FAILURE entries for the S3 bucket around the time your query fails.

  • Make sure the IAM role isn't hitting some limit or quota that causes permissions to be revoked after some time.

  • Contact AWS Support and provide the Query ID from the error message. They may have additional insight into the issue.

In summary, focus on the S3 bucket permissions and any policies, roles, or limits that could be causing access to be denied after some time. Checking logs and contacting AWS Support can also help get to the root cause.

answered 3 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions