I want to troubleshoot connection errors when I set up input data for an Amazon SageMaker Ground Truth labeling job.
Resolution
When you have connection issues with SageMaker Ground Truth, you get an error similar to the following:
"Connection error: There was an issue with your input data setup. Ground Truth could not setup a connection with your dataset in S3. Please check your input data setup and try again, or use the manual data setup option. Network Failure Request id: <request_id> "
This error occurs because your AWS Identity and Access Management (IAM) role doesn't have the necessary permissions to set up the input data.
To troubleshoot this error, check that your IAM role has the following policies attached:
- AmazonSageMakerFullAccess
- Amazon Simple Storage Service (Amazon S3) read and write access
Issues with SageMaker access
If your IAM role doesn't have the AmazonSageMakerFullAccess policy attached, then attach the following Ground Truth actions to the policy:
- groundtruthlabeling:DescribeConsoleJob
- groundtruthlabeling:ListDatasetObjects
- groundtruthlabeling:RunFilterOrSampleManifestJob
- groundtruthlabeling:RunGenerateManifestByCrawlingJob
For more information, see Actions defined by Amazon GroundTruth Labeling.
Issues with Amazon S3 access
The IAM role must include the required permissions to access the input data files in the Amazon S3 bucket. For more information, see Grant read and write access to Amazon S3 bucket objects.
Issues with cross-account access
If your data is in another AWS account, then check that the execution role account has access to the S3 objects. For more information, see How do I provide cross-account access to objects that are in Amazon S3 buckets?
Issues with service control policies
Be sure that the service control policies applied at the organization level don't restrict actions on the member account. For example, even if the execution role has the required permissions, an explicit DENY on all groundtruthlabeling actions overrides the permissions and restricts the connection. For more information, see SCP effects on permissions.