Durch die Nutzung von AWS re:Post stimmt du den AWS re:Post Nutzungsbedingungen
AWS re:Postre:Post

Error while querying Athena

0

Hello,

I'm current redeploying a CI/CD pipeline from a Legacy Terraform to Terraform on Cloud. The following error first appeared on the newly migrated pipelines:

HIVE_UNKNOWN_ERROR: com.amazonaws.services.lakeformation.model.InvalidInputException: Unable to assume role. Please verify Lake Formation has access to role arn:aws:iam::561######914:role/aws-reserved/sso.amazonaws.com/us-west-2/AWSReservedSSO_AdministratorAccess_0bb#####78e (Service: AWSLakeFormation; Status Code: 400; Error Code: InvalidInputException; Request ID: 73d56a83-6796-4cbe-befb-3e0b4e736773; Proxy: null)

After trying to grant permissions manually we oscillated between propagating this error to all databases on the project to retrieving this error to only a few databases.

We tried to grant permission through the Data lake permissions, with LF-Tags and also with the Databases. But without success.

Any idea on what to do?

Themen
AnalysenSicherheit, Identität & Konformität
Tags
Amazon AthenaAWS Lake FormationIAM-Richtlinien
Sprache
English
rePost-User-9685519
gefragt vor einem Jahr256 Aufrufe
1 Antwort
1

It seems like you need to add access to the underlying S3 location https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lakeformation_resource

if that does not work, please try adding the role into default data lake settings /permissions https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lakeformation_data_lake_settings

profile pictureAWS
Ananth Tirumanur
beantwortet vor einem Jahr

Du bist nicht angemeldet. Anmelden um eine Antwort zu veröffentlichen.

Eine gute Antwort beantwortet die Frage klar, gibt konstruktives Feedback und fördert die berufliche Weiterentwicklung des Fragenstellers.

Richtlinien für die Beantwortung von Fragen

Relevanter Inhalt