Glue Service error - Denied Access

0

When I click the "Create Crawler" button in the AWS Glue service, it fails. But I set up the generated IAM Role with the permission policy "AdministratorAccess" for this subscribe account. Please help me solve this issue. Thank you so much.

my error: Account xxxxxxxxxxxx denied access

Asked 1 year ago, 324 views
2 Answers
0

Verify that your AWS account has sufficient permissions to use the AWS Glue service. Specifically, ensure that the IAM user or role you're using to access AWS Glue has the "glue:*" permissions or specific permissions for the actions you want to perform.

Answered 1 year ago
0

Hi, thank you for your question!

Let me start by providing this documentation of a step-by-step guide on how to create an AWS Glue crawler that you can follow along: https://docs.aws.amazon.com/glue/latest/ug/tutorial-add-crawler.html#tutorial-add-crawler-step1

If you encounter an "Access Denied" error when trying to create a crawler in AWS Glue, even though you have configured the IAM Role with "AdministratorAccess," there could be several reasons for this issue. Here are some steps you can take to troubleshoot and resolve the problem.

First, you need to verify the trust relationship. Ensure that the trust relationship for the IAM Role allows AWS Glue to assume the role. The trust relationship should have a policy document that includes "glue.amazonaws.com" as a trusted entity.

Second, check if there are any resource-based policies attached to the AWS Glue resources (e.g., S3 buckets, databases) that might be restricting access. Resource-based policies can override permissions granted through IAM roles.

In case you are using a VPC, you can also check if the AWS Glue service has VPC endpoint access enabled and that it is configured correctly.

Finally, you can also review your CloudTrail logs to check for any detailed error messages or additional information about the "Access Denied" error. CloudTrail logs can provide insights into the exact actions that were denied and the reason for the denial. You can filter by the Event Source with the value "glue.amazonaws.com" to locate failed CloudTrail events specific to the Glue service. To learn more about viewing CloudTrail events in the CloudTrail console, you can refer to the following documentation: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/view-cloudtrail-events-console.html#filtering-cloudtrail-events

Hope this helps!

AWS
Answered 9 months ago
