C4W4 Capstone 2 - not authorized to perform: glue:StartJobRun

When I try to start the glue jobs at the start of capstone project number 2, I get a “not authorized to perform: glue:StartJobRun” error as follows:

(jupyterlab-venv) abc@d2646e4b4d8d:~/workspace/terraform$ aws glue start-job-run --job-name glue_api_users_extract_job | jq -r ‘.JobRunId’

An error occurred (AccessDeniedException) when calling the StartJobRun operation: User: arn:aws:sts::590184094618:assumed-role/VSCodeInstanceRole/i-05dfbb167a48e8b43 is not authorized to perform: glue:StartJobRun on resource: arn:aws:glue:us-east-1:590184094618:job/glue_api_users_extract_job because no identity-based policy allows the glue:StartJobRun action

Is this something I am doing wrong?

Hello @mmcgonag,
Could you try running the job from AWS glue console. I had a similar issue and it worked running the job there.
Check this post
You should see those jobs in AWS try selecting glue_api_users_extract_job, run it and check Runs tab, hope it helps:


AWS glue jobs

@mmcgonag After you run terraform apply, you should see for each output variable its value. To run the glue job, you need to use the value not the name of the output variable.
So for instance, in the terminal, you should get:
glue_api_users_extract_job = “de-c4w4a2-api-users-extract-job”

To run this glue job, you would need to use this command:
aws glue start-job-run --job-name de-c4w4a2-api-users-extract-job | jq -r ‘.JobRunId’

This is why as Georgios suggested, if you run the job from the console it works, because in the console you can see the correct name for the glue job.

Thanks!

1 Like