GlueJobRunnerSession 無權執行:lakeformation:GetDataAccess on resource
[英]GlueJobRunnerSession is not authorized to perform: lakeformation:GetDataAccess on resource
問題描述
我正在嘗試在我的 aws 膠水作業中使用 glueContext.purge_table 函數。 每當執行作業時,它都會拋出以下錯誤:
An error occurred while calling o82.purgeTable.
: java.lang.RuntimeException: class com.amazonaws.services.gluejobexecutor.model.AccessDeniedException:User: arn:aws:sts::012345678:assumed-role/XYZ/GlueJobRunnerSession is not authorized to perform: lakeformation:GetDataAccess on resource: arn:aws:glue:us-east-1:MICHIGAN_DEFAULT_CATALOG_ID_RANDOMIZED:table/database/table (Service: AWSLakeFormation; Status Code: 400; Error Code: AccessDeniedException; Request ID: 25829fe6-2a10-430a-b050-023c13bcc8ce; Proxy: null) (Service: AWSGlueJobExecutor; Status Code: 400; Error Code: AccessDeniedException; Request ID: ed60ddfa-8263-486a-b9f6-1dd57cbfd9bd; Proxy: null)
該角色附加了以下策略:
任何幫助將不勝感激。
2 個解決方案
解決方案1
0 2022-01-06 09:16:25
您還需要為您的工作角色提供完整的LakeFormation訪問權限,因為您似乎激活了LakeFormation 。
解決方案2
0 2022-12-21 18:46:47
只是為了澄清這一點,您需要將“AWSLakeFormationDataAdmin”策略添加到您用於運行 Glue 作業的 IAM 角色。
此外,在 Lake Formation 端,您需要確保上述原則(IAM 角色)具有數據湖權限以訪問數據目錄的 Glue 元數據表。
用戶無權執行:connect:* on resource: * with an explicit deny"
[英]User is not authorized to perform: connect:* on resource: * with an explicit deny"
用戶無權執行:dynamodb:PutItem on resource
[英]User is not authorized to perform: dynamodb:PutItem on resource
Aws Lambda 無權執行:SNS:在資源上發布:+358
[英]Aws Lambda is not authorized to perform: SNS:Publish on resource: +358
AWS,GitHub 操作:用戶無權執行:sts:AssumeRole on resource (CodePipeline)
[英]AWS, GitHub Action: User is not authorized to perform: sts:AssumeRole on resource(CodePipeline)
AWS StsClient:用戶無權執行:sts:資源上的AssumeRole
[英]AWS StsClient: User not authorized to perform: sts:AssumeRole on resource
代入角色 python 錯誤未授權執行:sts:AssumeRole on resource: arn:aws:iam::xxxxxxxxx
[英]Assumed role python error is not authorized to perform: sts:AssumeRole on resource: arn:aws:iam::xxxxxxxxx
收到錯誤“用戶:arn:aws:iam::11345636234528:user/my_Api 無權執行:secretmanager:GetSecretValue on resouce:my_Resource”?
[英]Receiving error "User: arn:aws:iam::11345636234528:user/my_Api is not authorized to perform: secretmanager:GetSecretValue on resouce: my_Resource"?
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.
相關問題
無權執行:資源上的 sts:TagSession:***
用戶無權執行:connect:* on resource: * with an explicit deny"
用戶無權執行:dynamodb:PutItem on resource
Aws Lambda 無權執行:SNS:在資源上發布:+358
AWS,GitHub 操作:用戶無權執行:sts:AssumeRole on resource (CodePipeline)
AWS StsClient:用戶無權執行:sts:資源上的AssumeRole
AWS Lambda function:未授權執行
代入角色 python 錯誤未授權執行:sts:AssumeRole on resource: arn:aws:iam::xxxxxxxxx
收到錯誤“用戶:arn:aws:iam::11345636234528:user/my_Api 無權執行:secretmanager:GetSecretValue on resouce:my_Resource”?
無權執行:lambda:GetFunction
相關標簽