I want to troubleshoot AWS Identity and Access Management (IAM) issues that occur when I open the Amazon EMR Serverless console.
Resolution
Check your IAM permissions
To check your IAM permissions, take the following actions:
- Make sure that your IAM user or role has the correct permissions to access the Amazon EMR Serverless console. For more information, see Grant permissions.
- Confirm that no policies are attached to your IAM user or role that conflict. If the Deny statements in your policies conflict, then update your policies.
- Confirm that the IAM role's trust policy allows Amazon EMR to assume the role. If the trust policy doesn't allow Amazon EMR to assume the role, then edit the policy to include the following:
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "elasticmapreduce.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
Check your IAM policy JSON syntax
Make sure that your IAM policy JSON syntax is correct. It's a best practice to use the IAM policy simulator to test and validate your IAM policies.
Check your CloudTrail logs
Search for IAM actions and Amazon EMR Serverless events in your AWS CloudTrail logs for denied actions that are related to Amazon EMR Serverless.
Clear your browser cache
Browser cache issues might cause IAM issues when you open the Amazon EMR Serverless console. To resolve this issue, clear your browser cache or access the Amazon EMR console from an incognito or private browser window.