C4W4 Capstone project 2. Glue ETL jobs throwing access error

In the 2nd capstone project, when I run the transform glue etl jobs, this error is thrown

AnalysisException: Insufficient Lake Formation permission(s) on de_c4w4a2_transform_db (Service: AWSGlue; Status Code: 400; Error Code: AccessDeniedException; Request ID: 1f805925-459a-469b-a88d-847d090dc658; Proxy: null)

Need help in fixing this

Hello @sahil251298
Sorry for the inconvenience. Can you please fill out the lab refresh form and try again after your lab is refreshed?

Hi Amir, I’m having the same permission problem, and follow the link you provided. So now I should wait is correct? Thank you

Hello @rrosa
Yes. Please, wait up to 3 business days and try again after.

1 Like

Hi Amir,

I hope you’re doing well!

I’m not sure if I’ve done something wrong or missed a step, but when running the following command in the Visual Studio Code terminal as instructed in the Jupyter notebook:
aws glue start-job-run --job-name de-c4w4a2-json-transform-job

I encountered the same issue. In the AWS Console, under AWS Glue > ETL Jobs, the job run has a “Failed” status with the following exception message:

AnalysisException: Insufficient Lake Formation permission(s) on de_c4w4a2_transform_db 
(Service: AWSGlue; Status Code: 400; Error Code: AccessDeniedException; 
Request ID: f3e13364-62d8-4273-b96f-32154bc047b8; Proxy: null)

Additionally, I noticed that my running user in the AWS Console (top-right corner) is prefixed with voclabs/.

Could you please help me identify what might be missing so I can successfully complete the project? I’d greatly appreciate any guidance you can provide.

Thank you so much in advance! :blush:

Best regards,
Rui Rosa

Hello @rrosa
The Insufficient Lake Formation permission can be fixed via a lab refresh. Please, fill out this lab refresh form and try again after 3 working days.

1 Like

Hi @Amir_Zare Im getting the following error after running the glue start-job-run. Can I get help on this please?
An error occurred (AccessDeniedException) when calling the StartJobRun operation: User: arn:aws:sts::471112906237:assumed-role/VSCodeInstanceRole/i-0353661b5af2b206e is not authorized to perform: glue:StartJobRun on resource: arn:aws:glue:us-east-1:471112906237:job/glue_api_users_extract_job because no identity-based policy allows the glue:StartJobRun action

Hello @Edmund_Koh
I guess you are using a wrong value for the job name in the glue start job command. Please, provide the full command you use so that we can check it.

Hey @Amir_Zare attached my input
Screenshot 2025-02-12 at 3.16.48 PM

@Edmund_Koh As I said, glue_api_user_extract_job is not the correct job name. You need to get the value of the output named glue_api_user_extract_job from terraform and use that value as the job name in the command.

Hi Amir,

It took me a little while to retry, but I finally got around to it today, and everything ran smoothly! I just wanted to update you and sincerely thank you for your help—I really appreciate it!

Best regards,
Rui Rosa