Unable to run/create glue job from root user & getting AccessDeniedException

1

First, glue job failed with exception "failed to execute with exception Task allocated capacity exceeded limit."(Service: AWSGlueJobExecutor; Status Code: 400; Error Code: InvalidInputException; Request ID: <req-id>; Proxy: null) because of Max task dpus per account quota reduced to zero internally by AWS. So requested to increase quota which AWS instantly approved.

But since then, unable to run glue jobs & getting AccessDeniedException. [gluestudio-service.ap-south-1.amazonaws.com] startJobRun: AccessDeniedException: Account <account-id> is denied access. (Service: AWSGlue; Status Code: 400; Error Code: AccessDeniedException; Request ID: <req-id>; Proxy: null)

Also, unable to create a new glue job. getting error "Failed to update job [gluestudio-service.ap-south-1.amazonaws.com] createJob: AccessDeniedException: Account <acc-id> is denied access."

Update: My issue is resolved. Contact AWS Support, create case and ask them to allow you to access glue service.

  • Hi Joshua_B, The Glue job is reading an object from one s3 bucket & after processing writing it back to some other bucket.
    The IAM Role for glue job has two policies attached - AmazonS3FullAccess & AWSGlueServiceRole. Also, tried running the same glue job from the IAM user which has the AdministratorAccess policy attached. but still getting the same AccessDeniedException.

已提问 2 年前2611 查看次数
3 回答
1
已接受的回答

Update: My issue is resolved. Contact AWS Support, create case and ask them to allow you to access glue service.

已回答 2 年前
profile picture
专家
已审核 4 个月前
  • I am facing the same issue and AWS support tells me to upgrade support plan to allow me post questions in "Technical" section. This is pretty weird. Could you please share in what section did you create ticket and what did you specify. Thank you!

0

Hello all. I am having the exact same problem. I was able to create and run crawlers 2 weeks ago with no problems. Suddenly, yesterday I started receiving the same error message as OP with "<accountID> is denied access". I have been all through the Glue documentation and followed the instructions on roles, policies, permissions, etc., but it has not helped at all. I really didn't think it was my roles/permissions settings causing the problem because I have been able to create crawlers in the past that did not have the correct roles/policies/permissions, and the crawlers were created and run, but they just failed. Now I cannot even CREATE a crawler. Region us-east-1.

已回答 2 年前
0

Update: After reading this post, I decided to try creating a crawler in another region. I usually use us-east-1, which is where I was encountering the error. I tried creating a crawler in us-east-2 and got the same error. I then tried us-west-1 and was able to create a crawler.

I'm just a bootcamp student and have less than 6 months of experience using AWS, but this tells me that the problem isn't anything to do with roles, permissions, policies, etc. in our accounts. There is a problem with at least the us-east-1 and us-east-2 regions accessing the Glue service.

Hope this helps!

已回答 2 年前

您未登录。 登录 发布回答。

一个好的回答可以清楚地解答问题和提供建设性反馈,并能促进提问者的职业发展。

回答问题的准则