使用 AWS re:Post 即表示您同意 AWS re:Post 使用條款

How do I troubleshoot autosave issues or missing data in my Amazon EMR notebook?

4 分的閱讀內容
0

I want to troubleshoot autosave issues or missing data in my Amazon EMR notebook.

Resolution

To prevent autosave issues or missing data in your Amazon EMR notebook, associate Git-based repositories with your Amazon EMR notebooks. Then, save your EMR notebooks in a version controlled environment.

To troubleshoot autosave issues or missing data in your EMR notebook, complete the following steps based on the error message that you receive.

Failed to start Workspace. ServiceRole does not have permission to access the S3 location or associated KMS keys

This error occurs when the service role doesn't have sufficient permissions for the notebook Workspace. To troubleshoot this issue, check the service role and resource policies for the associated Amazon Simple Storage Service (Amazon S3) location and AWS Key Management Service (AWS KMS) keys.

Check the permissions for the Amazon S3 location

To check the permissions for the Amazon S3 location, take the following actions:

  • Check that the service role has the required permissions to access the Amazon S3 bucket location where the notebook data is stored.
  • To grant the required service role permissions, attach an AWS Identity and Access Management (IAM) policy that allows read and write access.
  • Check that the S3 bucket policy allows bucket access for the service role.

Check whether notebooks were accidentally deleted from the S3 bucket

If notebooks are accidentally deleted from the bucket, then recreate the notebooks or restore them from a backup.

Manually update the notebooks content

To manually update your notebook's content, access the notebook files that are stored in the bucket. Then, edit the notebook's content. Make sure that you have the required permissions to access and modify the files in the bucket.

File save Error (notebook name) Permission denied

This error occurs when the IAM role that's associated with the EMR notebook instance doesn't have the permissions to write to the associated S3 bucket.

Check the IAM role permissions

Check that the IAM role that's assigned to the EMR notebook instance has the following permissions:

  • s3:PutObject: Allows you to upload notebook files to the S3 bucket
  • s3:GetObject: Allows you to download notebook files from the Amazon S3 bucket
  • s3:GetEncryptionConfiguration: Allows you to get the S3 bucket encryption configuration
  • s3:ListBucket: Allows you to list the bucket contents

If the IAM role doesn't have these permissions, then modify the existing role. Or, create a new role with the permissions and attach the role to the EMR notebook instance.

Check the bucket policy

Make sure that the bucket policy allows the IAM role that's associated with the EMR notebook instance to perform the following actions:

  • s3:PutObject
  • s3:GetObject
  • s3:GetEncryptionConfiguration
  • s3:ListBucket

Check the Amazon S3 bucket encryption

If the Amazon S3 bucket is encrypted with AWS KMS, then make sure that the notebook instance's IAM role has the kms:GenerateDataKey permission. This permission allows you to use an AWS server-side encryption (SSE)-KMS key to encrypt the notebook files.

Check the Amazon S3 bucket ownership

Make sure that the EMR notebook instance's IAM role has access to the associated Amazon S3 bucket. If another AWS account owns the bucket, then update the bucket policy to configure cross-account access. Or, use a bucket policy that allows access from the IAM role's account.

Check the Amazon EMR notebook instance configuration

Make sure that the EMR notebook instance is configured to use the correct IAM role with the required permissions. If the instance uses an incorrect IAM role, then update the instance configuration or recreate the instance with the correct IAM role. After you update the instance configuration, save the notebook.

AWS 官方
AWS 官方已更新 3 個月前