- 最新
- 最多得票
- 最多評論
Check this documentation : [] Troubleshoot crawler errors when the crawler is using Lake Formation credentials - Error: Insufficient Lake Formation permission(s) on s3://examplepath - https://docs.aws.amazon.com/glue/latest/dg/error-crawler-config-lf.html#error-location-permissions
To solve the issue you need to grant Lake formation permission for Data Location (the registered S3 path permission) [] Granting data location permissions (same account) - https://docs.aws.amazon.com/lake-formation/latest/dg/granting-location-permissions-local.html
Crawler need access to read s3 data directly, then update the Catalog. So, two Lake Formation permissions required :
- a. S3 Reregistered Location Grant (need to grant with above step mentioned)
- b. Grant on the database and table to create/update. (you have granted this)
Hello,
Resolution:
You get this error when the following conditions are true:
- The IAM user or role tries to create or alter a Data Catalog resource (database or table) on an Amazon S3 bucket that's registered with Lake Formation.
- The IAM user or role doesn’t have the appropriate data location permissions from Lake Formation.
To resolve this error, you must grant appropriate data location permissions to the IAM user or role that you use to create the database or table. When you're using Athena with Lake Formation, be sure to grant the required S3 permissions to the IAM user or role from Lake Formation in addition to the data access permissions required by the IAM user or role. Data access permissions allow the IAM user or role to read and write data to the underlying Amazon S3 location. However, data location permissions in Lake Formation allow an IAM user or role to create and alter Data Catalog resources that point to the registered Amazon S3 location.
To resolve this error, do the following:
- Verify that S3 path in Athena is registered with Lake Formation successfully.
- Grant the required data location permissions to the IAM user or role to access the S3 path.
[+] https://repost.aws/knowledge-center/athena-insufficient-lake-formation-permissions
相關內容
- AWS 官方已更新 1 年前
- AWS 官方已更新 1 年前
- AWS 官方已更新 2 年前
- AWS 官方已更新 1 年前
Thank you, a. solved my issue. I find it interesting that it was able to complete the crawl on another folder within the same bucket without having this granted.