While running the transformation Glue jobs, I get an error:
"AnalysisException: Insufficient Lake Formation permission(s) on de_c4w4a1_silver_db (Service: AWSGlue; Status Code: 400; Error Code: AccessDeniedException; Request ID: 6ac1a4f1-1c80-43b5-842c-8dec22d8196e; Proxy: null)
And the error is true - no permission is granted.
In C3W2 we did the same thing, but granted the permissions like this:
- Add policy statement to the Glue job role in
policies.tf
statement {
sid = "AllowLakeFormationAccess"
effect = "Allow"
actions = [
"lakeformation:GetDataAccess"
]
resources = [
"*",
]
}
- Allow access with lake formation
import boto3
bucket_name = f"de-c4w4a1-{account_id}-us-east-1-data-lake"
catalog_database = "de_c4w4a1_silver_db"
data_location_arn = f"arn:aws:s3:::{bucket_name}"
glue_role_arn = f"arn:aws:iam::{account_id}:role/Cloud9-de-c4w4a1-glue-role"
lf_client = boto3.client("lakeformation", region_name="us-east-1")
lf_client.grant_permissions(
Principal={"DataLakePrincipalIdentifier": glue_role_arn},
Resource={
"DataLocation": {"ResourceArn": data_location_arn},
},
Permissions=["DATA_LOCATION_ACCESS"],
PermissionsWithGrantOption=["DATA_LOCATION_ACCESS"],
)
lf_client.grant_permissions(
Principal={"DataLakePrincipalIdentifier": glue_role_arn},
Resource={"Database": {"Name": catalog_database}},
Permissions=permissions,
)
Unfortunately I don’t have permissions to grant the access with lake formation.
I have to finish the course today, probably without this lab.
But I hope the lab will be fixed for the other participants.