C3W2 - Lab2 - Programming Assignment: Assignment 2: Building a Data Lakehouse with AWS Lake Formation and Apache Iceberg

I'm encountering the following error in section 3.2; in particular, the terraform init part throws the following error. Can anyone advise, please?

Got the following error after running terraform plan:

module.landing_etl.data.aws_iam_policy_document.glue_base_policy: Reading…
module.landing_etl.data.aws_iam_role.glue_role: Reading…
module.landing_etl.data.aws_security_group.db_sg: Reading…
module.landing_etl.data.aws_subnet.public_a: Reading…
module.landing_etl.data.aws_iam_policy_document.glue_access_policy: Reading…
module.landing_etl.data.aws_iam_policy_document.glue_base_policy: Read complete after 0s [id=3940084333]
module.landing_etl.data.aws_iam_policy_document.glue_access_policy: Read complete after 0s [id=133058508]

Changes to Outputs:

  • project = “”

You can apply this plan to save these new output values to the Terraform state, without changing any real infrastructure.
╷
│ Error: reading IAM Role (): operation error IAM: GetRole, https response error StatusCode: 400, RequestID: 220e4233-e4f5-46bc-8d7b-27a3d03a2afc, api error ValidationError: The specified value for roleName is invalid. It must contain only alphanumeric characters and/or the following: +=,.@_-
│
│ with module.landing_etl.data.aws_iam_role.glue_role,
│ on modules/landing_etl/iam_roles.tf line 1, in data “aws_iam_role” “glue_role”:
│ 1: data “aws_iam_role” “glue_role” {
│
╵
╷
│ Error: multiple EC2 Subnets matched; use additional constraints to reduce matches to a single EC2 Subnet
│
│ with module.landing_etl.data.aws_subnet.public_a,
│ on modules/landing_etl/network.tf line 1, in data “aws_subnet” “public_a”:
│ 1: data “aws_subnet” “public_a” {
│
╵
╷
│ Error: multiple EC2 Security Groups matched; use additional constraints to reduce matches to a single EC2 Security Group
│
│ with module.landing_etl.data.aws_security_group.db_sg,
│ on modules/landing_etl/network.tf line 5, in data “aws_security_group” “db_sg”:
│ 5: data “aws_security_group” “db_sg” {
│
╵

Hello @Edmund_Koh,
I couldn’t reproduce the issue, but I had similar errors in other labs of the course. I suggest waiting for a new lab session (2 hours) to see if you can get terraform plan to work. You can also try starting from the beginning: delete the terraform folder, then click help and get latest version to get a new folder, and finally click reboot. Hope it helps.

Hi @Georgios, I tried the deleting and rebooting method, but I still encounter the following error after running terraform plan.

Hello @Edmund_Koh,
Sorry for the inconvenience, it seems you are getting exactly the same error in this step. As I said I couldn’t reproduce it in any part of the lab. You could try a lab refresh with this form. Hope it helps

I am also getting the same error. This is my lab id: pqfzhqjzqqoi.

Error: reading IAM Role (yes): operation error IAM: GetRole, https response error StatusCode: 403, RequestID: 97e9dcb0-e357-4350-85a9-0d8dea796525, api error AccessDenied: User: arn:aws:sts::339712935060:assumed-role/voclabs/user3843864=pqfzhqjzqqoi is not authorized to perform: iam:GetRole on resource: role yes with an explicit deny in an identity-based policy
│
│ with module.landing_etl.data.aws_iam_role.glue_role,
│ on modules/landing_etl/iam_roles.tf line 1, in data “aws_iam_role” “glue_role”:
│ 1: data “aws_iam_role” “glue_role” {
│
╵
╷
│ Error: reading EC2 Subnet: operation error EC2: DescribeSubnets, https response error StatusCode: 403, RequestID: 0d8cf3c2-0267-4bc3-b3d5-cde86cacc507, api error UnauthorizedOperation: You are not authorized to perform this operation. User: arn:aws:sts::339712935060:assumed-role/voclabs/user3843864=pqfzhqjzqqoi is not authorized to perform: ec2:DescribeSubnets with an explicit deny in an identity-based policy
│
│ with module.landing_etl.data.aws_subnet.public_a,
│ on modules/landing_etl/network.tf line 1, in data “aws_subnet” “public_a”:
│ 1: data “aws_subnet” “public_a” {
│
╵
╷
│ Error: reading EC2 Security Group: operation error EC2: DescribeSecurityGroups, https response error StatusCode: 403, RequestID: 134edaf8-f38a-4df9-80b0-2789af143d73, api error UnauthorizedOperation: You are not authorized to perform this operation. User: arn:aws:sts::339712935060:assumed-role/voclabs/user3843864=pqfzhqjzqqoi is not authorized to perform: ec2:DescribeSecurityGroups with an explicit deny in an identity-based policy
│
│ with module.landing_etl.data.aws_security_group.db_sg,
│ on modules/landing_etl/network.tf line 5, in data “aws_security_group” “db_sg”:
│ 5: data “aws_security_group” “db_sg” {
│

Hello @brian3190,

It seems you have the same issue that @Edmund_Koh had; perhaps a lab refresh with this form should fix it. It takes 2 business days to process since it is a manual process performed by the engineers, and you will be notified. Hope it helps.

Hi @Georgios, I am also facing an issue with terraform. When I run terraform plan, the following happens: it generates prompts for me to enter a value (I do not know why), and continuously does so until I force the terminal to stop.

I read somewhere that terraform is not finding values for the variables it needs but I do not know how to address it by following the instructions of the lab!

Hello @Dan_m,

This happens after the terraform plan command when the terminal crashes. You could try running source scripts/setup.sh again to set those variables. Hope it helps

2 Likes
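
A preflight check for the situation in the last two posts (terraform plan prompting for values until scripts/setup.sh is sourced again), as an added example that is not part of the thread or the lab's code. It assumes the setup script supplies inputs as TF_VAR_<name> environment variables, which is Terraform's standard convention; variables that have a default or a .tfvars value are reported as false positives, and the `region` variable and sample file are constructed.

```shell
#!/bin/sh
# Added example: list Terraform input variables with no TF_VAR_<name> value,
# so an unset input is caught before `terraform plan` prompts for it or
# passes an empty name to a data source such as aws_iam_role.

# Print the names declared as `variable "<name>"` in the *.tf files of a directory.
declared_tf_vars() {
  # Matches lines such as: variable "project" {
  sed -n 's/^[[:space:]]*variable[[:space:]]*"\([A-Za-z0-9_-]*\)".*/\1/p' \
    "$1"/*.tf 2>/dev/null | sort -u
}

# Print each declared variable whose TF_VAR_<name> is unset or empty.
missing_tf_vars() {
  for tf_name in $(declared_tf_vars "$1"); do
    # printenv reads the variable by name without eval on file-derived text
    if [ -z "$(printenv "TF_VAR_${tf_name}")" ]; then
      printf '%s\n' "$tf_name"
    fi
  done
}

# Constructed sample: a throwaway module directory with two declared inputs.
demo_dir=$(mktemp -d)
cat > "$demo_dir/variables.tf" <<'EOF'
variable "project" {
  type = string
}
variable "region" {}
EOF

# Simulate a shell that lost its environment: only region is still exported.
(
  unset TF_VAR_project
  export TF_VAR_region="us-east-1"
  echo "inputs without a value:"
  missing_tf_vars "$demo_dir"
)
rm -rf "$demo_dir"
```

Run `missing_tf_vars .` from the directory that holds the root module's .tf files; any name it prints needs a value before planning.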