Hi,
I’m currently working on the Capstone Project (Part 1) ETL and Data Modeling, even on the very first attempt from this new lab/account. This is from a fresh assignment environment that just started, and I haven’t made any manual changes. and while running source scripts/setup.sh, I’m repeatedly getting Access Denied and Unauthorized Operation errors. Here are some of the specific errors:
rds: Describe DB Instances – access denied
ec2:DescribeSubnets – unauthorized
s3:ListAllMyBuckets – access denied
redshift: Describe Clusters – access denied
The error message also mentions “explicit deny in an identity-based policy”, which seems to be blocking my assumed role.
Despite this, the script ends with “Setup completed successfully,” but the actual permissions clearly aren’t working.
Could you please check or refresh the AWS environment permissions for my lab? I’m unable to move forward due to these repeated access issues.
Hi @hawraa.salami @khusha is encountering an error, primarily an “access denied” issue in AWS. It seems this might be related to a recent lab refresh.
Would you mind taking a look when you get a chance? Thanks so much!
I have a similar but slightly different problem post lab refresh. I received an email that stated my problem was solved, but when I logged in to work, I received the following single error message from running setup.sh:
I just checked the capstone labs. It looks like the stack of AWS resources are not correctly loading. This happens when AWS updates the resources, so this is something in the lab settings that we need to fix from our side. I will check with the team on this and get back to you regarding the estimated time (when we can fix this). We’ll fix as soon as possible.
I am also running into this issue. It hasn’t been resolved as of now. This certification is part of my senior project and is a time-sensitive issue. Please let us know as soon as possible when it is fixed.
Explanation of the issue: Yesterday, AWS deprecated the usage of the computing node: dc2.large that we used for the redshift cluster in the last two capstone labs. This why the stack of AWS resources were failing to start and this is why you were not seeing any resources.
We fixed the issue, we used another type computing node (ra3: this is what AWS recommended). I tried both capstone labs and they are now working. Please let me know if you encounter any other issues.
I am able to access the AWS console. But I’m currently working on the lab and encountered a permissions issue when trying to run the Glue job as instructed. Specifically, when I execute the following command:
An error occurred (AccessDeniedException) when calling the StartJobRun operation:
User: arn:aws:sts::724509139607:assumed-role/voclabs/user[...] is not authorized to perform:
glue:StartJobRun on resource: arn:aws:glue:us-east-1:724509139607:job/glue_api_users_extract_job
It appears the IAM role assigned to me in the lab does not have the necessary permissions (glue:StartJobRun) to run the job.
Could you please assist with resolving this issue or adjusting the permissions so I can proceed?
@hawraa.salami Thank you for the quick response. I tried to apply what you said and I received the same result. coder@a4789eecb12a:~/project/terraform$ aws glue start-job-run --job-name module.extract_job.glue_rds_extract_job | jq -r ‘.JobRunId’
An error occurred (AccessDeniedException) when calling the StartJobRun operation: User: arn:aws:sts::724509139607:assumed-role/voclabs/user4138048=lgbwodudwiph is not authorized to perform: glue:StartJobRun on resource: arn:aws:glue:us-east-1:724509139607:job/module.extract_job.glue_rds_extract_job because no identity-based policy allows the glue:StartJobRun action
@emzaro In the terminal, did you typeterraform output, and you got module.extract_job.glue_rds_extract_job ?
You should use the value that is actually assigned to the variable (module.extract_job.glue_rds_extract_job) is used in the terraform configuration files to tell terraform how to assign the value to the output variable. So the actual value should be assigned to the variable after running terraform apply. I’m assuming you already run terraform apply.
You can get the actual value of the output variable by typing: terraform output in the terminal or you can check the AWS console and search for the glue job to see the actual name.
