Hi everyone,
I’m receiving this error after running terraform apply in topic 4.8.
Is anyone else experiencing this?
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
aws_glue_connection.rds_connection: Creating...
aws_iam_role_policy.task_role_policy: Creating...
aws_glue_catalog_database.analytics_database: Creating...
╷
│ Error: creating Glue Catalog Database (de-c1w2-analytics-db): operation error Glue: CreateDatabase, https response error StatusCode: 400, RequestID: de93fb45-d801-4b4c-8bf0-ccba72161f3d, api error AccessDeniedException: User: arn:aws:sts::298204050035:assumed-role/Cloud9InstanceRole/i-02b0739c4171ffdf9 is not authorized to perform: glue:CreateDatabase on resource: arn:aws:glue:us-east-1:298204050035:catalog because no identity-based policy allows the glue:CreateDatabase action
│
│ with aws_glue_catalog_database.analytics_database,
│ on glue.tf line 1, in resource "aws_glue_catalog_database" "analytics_database":
│ 1: resource "aws_glue_catalog_database" "analytics_database" {
│
╵
╷
│ Error: creating Glue Connection (de-c1w2-rds-connection): operation error Glue: CreateConnection, https response error StatusCode: 400, RequestID: c1f89781-4342-4f8a-bc87-39fded92cdb2, api error AccessDeniedException: User: arn:aws:sts::298204050035:assumed-role/Cloud9InstanceRole/i-02b0739c4171ffdf9 is not authorized to perform: glue:CreateConnection on resource: arn:aws:glue:us-east-1:298204050035:catalog because no identity-based policy allows the glue:CreateConnection action
│
│ with aws_glue_connection.rds_connection,
│ on glue.tf line 6, in resource "aws_glue_connection" "rds_connection":
│ 6: resource "aws_glue_connection" "rds_connection" {
│
╵
╷
│ Error: putting IAM Role (Cloud9-de-c1w2-glue-role) Policy (de-c1w2-glue-role-policy): operation error IAM: PutRolePolicy, https response error StatusCode: 403, RequestID: 3f623d8c-1cc6-4e1c-b955-efb89d96ba8a, api error AccessDenied: User: arn:aws:sts::298204050035:assumed-role/Cloud9InstanceRole/i-02b0739c4171ffdf9 is not authorized to perform: iam:PutRolePolicy on resource: role Cloud9-de-c1w2-glue-role because no identity-based policy allows the iam:PutRolePolicy action
│
│ with aws_iam_role_policy.task_role_policy,
│ on iam_roles.tf line 6, in resource "aws_iam_role_policy" "task_role_policy":
│ 6: resource "aws_iam_role_policy" "task_role_policy" {
│
It seems my voclabs/user has IAM roles to access the Glue service, and I can’t add roles because I don’t have permission.
Besides that, after running source scripts/setup.sh, it isn’t showing the Jupyter Lab URL. Actually, you can see the URL in jupyter_output.log in the root folder.
The tutorial is using Terraform v5.24, but v5.67 is installed, and there are so many breaking changes between these versions.
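An added example, not part of the original post: a small parser that pulls the principal, denied action and resource out of Terraform AccessDenied output like the errors above, and groups them into a draft identity-based policy to hand to whoever administers the role. The function names are hypothetical and the sample lines are constructed with a placeholder account ID; the denials shown by one apply may not be the full set of permissions the configuration needs.

```python
import json
import re
from collections import defaultdict

# Shape of the AWS denial text that Terraform prints (as in the errors above).
DENIED = re.compile(
    r"User: (?P<principal>\S+) is not authorized to perform: "
    r"(?P<action>[\w-]+:\w+) on resource: (?P<resource>.+?) "
    r"because (?P<reason>[^\n]+)"
)

# Constructed sample input: same shape as the post's errors, placeholder account ID.
SAMPLE = """\
│ Error: creating Glue Catalog Database (example-db): api error AccessDeniedException: User: arn:aws:sts::111122223333:assumed-role/ExampleRole/i-0abc is not authorized to perform: glue:CreateDatabase on resource: arn:aws:glue:us-east-1:111122223333:catalog because no identity-based policy allows the glue:CreateDatabase action
│ Error: creating Glue Connection (example-conn): api error AccessDeniedException: User: arn:aws:sts::111122223333:assumed-role/ExampleRole/i-0abc is not authorized to perform: glue:CreateConnection on resource: arn:aws:glue:us-east-1:111122223333:catalog because no identity-based policy allows the glue:CreateConnection action
│ Error: putting IAM Role (example-glue-role) Policy (example-policy): api error AccessDenied: User: arn:aws:sts::111122223333:assumed-role/ExampleRole/i-0abc is not authorized to perform: iam:PutRolePolicy on resource: role example-glue-role because no identity-based policy allows the iam:PutRolePolicy action
"""

def denied_calls(text):
    """Return one dict per denial: principal, action, resource, reason."""
    return [m.groupdict() for m in DENIED.finditer(text)]

def draft_policy(calls):
    """Group denied actions by resource into a draft identity-based policy.

    Resources not reported as ARNs (e.g. "role <name>") are returned
    separately, because the ARN must be confirmed before it goes in a policy.
    """
    by_resource, unresolved = defaultdict(set), []
    for c in calls:
        if c["resource"].startswith("arn:"):
            by_resource[c["resource"]].add(c["action"])
        else:
            unresolved.append((c["action"], c["resource"]))
    statements = [
        {"Effect": "Allow", "Action": sorted(actions), "Resource": res}
        for res, actions in sorted(by_resource.items())
    ]
    return {"Version": "2012-10-17", "Statement": statements}, unresolved

if __name__ == "__main__":
    policy, unresolved = draft_policy(denied_calls(SAMPLE))
    print(json.dumps(policy, indent=2))
    print("needs an ARN:", unresolved)
```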