Facing issue while creating a table in Athena

0

Exception in User Class: org.apache.spark.sql.catalyst.analysis.AccessControlException : User: arn:aws:sts::awsaccoundid:assumedRole/IAMRole/GlueJobRunnerSession is not authorized to perform: glue:CreateTable on resource: arn:aws:glue:us-east-1:glueaccountid:table/database/tablename because no identity-based policy allows the glue:CreateTable action (Service: AWSGlue; Status Code: 400; Error Code: AccessDeniedException;)

and my code is

```scala
import org.apache.spark.sql.SparkSession

def createTable(spark: SparkSession, dbName: String, tableName: String, s3FileLocation: String): Unit = {
  var tableDescription: String = ""
  var schemaString: String = ""
  if (tableName == "xyz") {
    tableDescription = "Global Auth Login"
    // Build the column list, mapping timestamp/Long/boolean columns to string
    schemaString = schema.Tablenameschema.fields
      .map(field => field.name.replaceAll("""^""", "")
        .concat(" ")
        .concat(field.dataType.typeName match {
          case "timestamp" => "string"
          case "Long" => "string"
          case "boolean" => "string"
          case smt => smt
        }))
      .mkString(" , \n")
  }
  spark.sql(s"DROP TABLE IF EXISTS ${dbName}.${tableName}")
  // This statement is the call that needs glue:CreateTable in the Data Catalog
  val tableQuery =
    s"""
       |CREATE EXTERNAL TABLE IF NOT EXISTS ${dbName}.${tableName} (${schemaString})
       |STORED AS PARQUET
       |COMMENT '${tableDescription}'
       |LOCATION '${s3FileLocation}'
       |TBLPROPERTIES ("skip.header.line.count" = "1")
       |""".stripMargin
  spark.sql(tableQuery)
}
```

Madhu
asked 9 months ago, 312 views
1 Answer
0

Hi Madhu,

From the error message, it seems that the permission to create a table is missing from the IAM role.

Please refer to the CREATE TABLE section of "Fine-grained access to databases and tables in the AWS Glue Data Catalog" and add these permissions to the IAM role being used here.

Once you add these permissions to the respective IAM role, either by adding a new policy to the role or by updating one of the policies already attached to it, this error would be resolved.

Hope you find this information helpful.

Comment here if you have additional questions, happy to help.

Abhishek

AWS
EXPERT
answered 9 months ago
EXPERT
reviewed 9 months ago
  • @secondabhi_aws I had added all the permissions for table and database to create in Athena: "glue:CreateTable", "glue:UpdateTable", "glue:DeleteTable", "glue:BatchDeleteTable", "glue:DeleteTableVersion", "glue:BatchDeleteTableVersion", "glue:CreatePartition", "glue:UpdatePartition", "glue:DeletePartition", "glue:BatchCreatePartition", "glue:BatchDeletePartition", "glue:CreateUserDefinedFunction", "glue:UpdateUserDefinedFunction", "glue:DeleteUserDefinedFunction", "glue:CreateDatabase", "glue:DeleteDatabase", "glue:UpdateDatabase", "glue:Get*", "glue:BatchGet*". These are added for both the Glue ID and the AWS account ID. Let me know if I'm still missing anything.

  • Hi Madhu, can you also share the Resource section of this policy here, with the account information masked? That would help me to identify the problem.
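
As an added example (not code from this thread or from AWS): a small Python check of a policy's Resource section, since glue:CreateTable has to be allowed on the catalog, the database and the table ARNs in the account that owns the Data Catalog. The two sample policies are constructed, and the account, database and table names are the masked placeholders from the error message.

```python
import re

def _as_list(x):
    return x if isinstance(x, list) else [x]

def _matches(pattern, value, ignore_case=False):
    # IAM wildcards: '*' matches any run of characters, '?' exactly one.
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(rx, value, re.I if ignore_case else 0) is not None

def required_arns(region, account, database, table):
    # glue:CreateTable is authorized against the catalog, the database and the table.
    base = f"arn:aws:glue:{region}:{account}"
    return [f"{base}:catalog", f"{base}:database/{database}",
            f"{base}:table/{database}/{table}"]

def missing_resources(policy, action, arns):
    """ARNs for which no plain Allow statement in `policy` covers `action`."""
    covered = set()
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or "NotAction" in stmt or "NotResource" in stmt:
            continue  # simplification: Deny, Not* and Condition are not evaluated
        if not any(_matches(a, action, True) for a in _as_list(stmt.get("Action", []))):
            continue  # action names are compared case-insensitively
        for arn in arns:
            if any(_matches(r, arn) for r in _as_list(stmt.get("Resource", []))):
                covered.add(arn)
    return [arn for arn in arns if arn not in covered]

# Constructed sample policies; account, database and table names are the
# masked placeholders from the error message in the question.
NEEDED = required_arns("us-east-1", "glueaccountid", "database", "tablename")
TABLE_ONLY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Action": ["glue:CreateTable", "glue:Get*"],
    "Resource": "arn:aws:glue:us-east-1:glueaccountid:table/database/*"}]}
ALL_THREE = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Action": ["glue:CreateTable", "glue:Get*"],
    "Resource": ["arn:aws:glue:us-east-1:glueaccountid:catalog",
                 "arn:aws:glue:us-east-1:glueaccountid:database/database",
                 "arn:aws:glue:us-east-1:glueaccountid:table/database/*"]}]}

if __name__ == "__main__":
    for name, pol in (("table-only", TABLE_ONLY), ("all-three", ALL_THREE)):
        print(name, "missing:", missing_resources(pol, "glue:CreateTable", NEEDED))
```

The check covers identity-based Allow statements only; when the Data Catalog is in a different account from the role, that account's catalog resource policy has to allow the role as well.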
