AWS Glue Access denied for crawler with administrator policy attached

Jon Swanson · Aug 17, 2018

I am trying to run a crawler across an S3 datastore in my account which contains two CSV files. However, when I try to run the crawler, no tables are loaded, and I see the following errors in CloudWatch for each of the files:

  • Error Access Denied (Service: Amazon S3; Status Code: 403; Error Code: AccessDenied;
  • Tables created did not infer schemas from this file.

This is especially odd as the IAM role has the AdministratorAccess policy attached, so there should not be any access denied issue.

Any help would be appreciated.

Answer

Andy Zoutte · Aug 18, 2018

Check to see if the files you are crawling are encrypted. If they are, then your Glue role probably doesn't have a policy that allows it to decrypt.

If so, it might need something like this:

{
  "Version": "2012-10-17",
  "Statement": {
    "Effect": "Allow",
    "Action": [
      "kms:Decrypt"
    ],
    "Resource": [
      "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab",
      "arn:aws:kms:us-west-2:111122223333:key/0987dcba-09fe-87dc-65ba-ab0987654321"
    ]
  }
}
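
Added example, not part of the original answer: a small offline check that takes S3 HeadObject responses for the crawled files, picks out the ones encrypted with SSE-KMS, and tests whether a role policy like the one above grants kms:Decrypt on each key. The object names, the third key ARN and the helper names are constructed for illustration; the evaluation is simplified (no Condition, NotAction or NotResource, and the KMS key policy is not considered).

```python
from fnmatch import fnmatchcase

def as_list(value):
    # IAM JSON accepts a single object/string wherever a list is allowed.
    return value if isinstance(value, list) else [value]

def kms_keys_needed(heads):
    """heads: {object key: HeadObject response}. Returns {object key: KMS key ARN}."""
    return {k: h["SSEKMSKeyId"] for k, h in heads.items()
            if h.get("ServerSideEncryption", "").startswith("aws:kms")}

def policy_allows(policy, action, resource):
    """Simplified identity-policy check: an explicit Deny wins, otherwise any Allow."""
    allowed = False
    for stmt in as_list(policy["Statement"]):
        hit = (any(fnmatchcase(action.lower(), a.lower())
                   for a in as_list(stmt.get("Action", [])))
               and any(fnmatchcase(resource, r)
                       for r in as_list(stmt.get("Resource", []))))
        if hit and stmt["Effect"] == "Deny":
            return False
        allowed = allowed or (hit and stmt["Effect"] == "Allow")
    return allowed

def undecryptable(heads, policy):
    """SSE-KMS objects whose key the policy does not grant kms:Decrypt on."""
    return sorted(k for k, arn in kms_keys_needed(heads).items()
                  if not policy_allows(policy, "kms:Decrypt", arn))

# Key ARNs from the policy above, plus one constructed ARN the policy omits.
KEY_A = "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab"
KEY_B = "arn:aws:kms:us-west-2:111122223333:key/0987dcba-09fe-87dc-65ba-ab0987654321"
KEY_X = "arn:aws:kms:us-west-2:111122223333:key/00000000-0000-0000-0000-000000000000"

PAGE_POLICY = {"Version": "2012-10-17", "Statement": {
    "Effect": "Allow", "Action": ["kms:Decrypt"], "Resource": [KEY_A, KEY_B]}}

# Constructed HeadObject responses (only the fields this check reads).
SAMPLE_HEADS = {
    "a.csv": {"ServerSideEncryption": "aws:kms", "SSEKMSKeyId": KEY_A},
    "b.csv": {"ServerSideEncryption": "aws:kms", "SSEKMSKeyId": KEY_X},
    "c.csv": {"ServerSideEncryption": "AES256"},  # SSE-S3, no KMS key involved
}

if __name__ == "__main__":
    for name in undecryptable(SAMPLE_HEADS, PAGE_POLICY):
        print(f"{name}: policy lacks kms:Decrypt on {SAMPLE_HEADS[name]['SSEKMSKeyId']}")
```

With real data, the `heads` dictionary would be filled from `head_object` calls (boto3) on each file the crawler reads.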