Getting started with Neptune ML: problem accessing S3 to create endpoints

0

I am working through the getting started with Neptune ML notebook and I get an error in running the first cell in "configuring the endpoints": ERROR:root:An error occurred (403) when calling the HeadObject operation: Forbidden. I assume that this is some sort of permissioning error but I unable to get to the bottom of it. Has anybody experience something similar?

已提問 2 年前檢視次數 757 次
5 個答案
0

So I have worked around the access denied problem by setting the Bucket Policy to the following:

{
    "Version": "2012-10-17",
    "Id": "Policy1645542302826",
    "Statement": [
        {
            "Sid": "Stmt1645542298524",
            "Effect": "Allow",
            "Principal": "*",
            "Action": [
                "s3:GetObject",
                "s3:GetObjectAcl",
                "s3:PutObject",
                "s3:PutObjectAcl",
                "s3:ListBucket"
            ],
            "Resource": [
                "arn:aws:s3:::<name_of_bucket>/*",
                "arn:aws:s3:::<name_of_bucket>"
            ]
        }
    ]
}

But I now encounter an error when running:

%load -s {response} -f csv -p OVERSUBSCRIBE --run
UsageError: option -f not recognized ( allowed: "yns:r:" )

Any further suggestions much appreciated.

已回答 2 年前
  • I have just tested this cell on my AWS account, and it appears to be working correctly:

    %load -s {response} -f csv -p OVERSUBSCRIBE --run

    Could you provide any more information?

0

Thanks, I am new to AWS and I am unsure which role the IAM policy needs to be attached to. This is the policy I am using:

    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:PutObjectAcl",
                "s3:GetObject",
                "s3:GetObjectAcl",
                "s3:AbortMultipartUpload",
                "s3:ListBucket"
            ],
            "Resource": [
                "arn:aws:s3:::aws-neptune-notebook",
                "arn:aws:s3:::aws-neptune-notebook/*",
                "arn:aws:s3:::pre-trained-neptune",
                "arn:aws:s3:::pre-trained-neptune/*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": "neptune-db:connect",
            "Resource": [
                "arn:aws:neptune-db:eu-west-2:480331504820:cluster-VOLJYAGWCPIMP7YUXPYUZ3OEM4/*"
            ]
        }
    ]
}

but I suspect its not attached to the correct role.

已回答 2 年前
0

Hello,

**This may help... **

hint: create a new cell (of type 'code'), type in print(s3_bucket_uri) and execute it, to show the current S3 bucket being used in the notebook.

**If you still need assistance... **

Within this same notebook, in the 1st cell underneath the heading "Loading Data", there is a script which sets an S3 bucket which is used throughout the notebook for loading data, storing training data and reformatting data. If this S3 bucket is in some way inaccessible from the Neptune cluster, or the Jupiter notebook, you may receive a 403.

My suggestion for moving forward is this:

  1. Create a new S3 bucket, taking care that it conforms to the guidance here: https://docs.aws.amazon.com/neptune/latest/userguide/bulk-load.html
  2. Navigate back to your "....Getting-Started-with-Neptune-ML...." notebook, and run the cells in order again from the beginning, taking care to set the "s3_bucket_uri=.." value underneath the heading "Loading Data" to your new S3 bucket.

If you execute the cells in order, from the beginning, after following the steps above, you should be able to successfully 'Configure the Endpoints'.

Kind regards,
Charles
Graph Architect
Amazon Neptune

AWS
已回答 2 年前
0

Hi! Good question, Does your IAM role have access to the bucket via s3:ListBucket? The HeadObject operation is tied to s3:ListBucket and if that permission is not there, the HeadObject call will return a 403.

Check the IAM Role that the Notebook is using. The trust relationship on that role should trust sagemaker (service). On that IAM role, one of the attached policies will need s3:ListBucket (allow).

https://docs.aws.amazon.com/neptune/latest/userguide/graph-notebooks.html

jsonc
已回答 2 年前
0

Thanks Charles. I have followed your suggestion started afresh. I am encountering and error in running the second cell in Loading Data now:

ERROR:root:Failed to upload /home/ec2-user/data/formatted/user_vertex.csv to bucket-for-neptune-richard/neptune/neptune-formatted/movielens-100k/user_vertex.csv: An error occurred (AccessDenied) when calling the PutObject operation: Access Denied

I recall having the same error and working around it last time too, but would appreciate your insight.

已回答 2 年前

您尚未登入。 登入 去張貼答案。

一個好的回答可以清楚地回答問題並提供建設性的意見回饋,同時有助於提問者的專業成長。

回答問題指南