By using AWS re:Post, you agree to the AWS re:Post Terms of Use

EMR Workspace failed to start error

0

Hi,

Looking to confirm how things work!

  • I have created a EMR cluster with ec2 which closes down after no use
  • I have created a EMR Studio using the terraform module: terraform-aws-modules/emr/aws//modules/studio

Set via:

module "emr_studio_iam" {
  source = "terraform-aws-modules/emr/aws//modules/studio"
  name                = "studio-module"
  auth_mode           = "IAM"
  default_s3_location = "s3://dev-emr/studio"
  create_service_role = true
  service_role_name = "studio-module-role"
  vpc_id     = data.aws_vpc.this.id
  subnet_ids = [data.aws_subnets.intra.ids[0], data.aws_subnets.intra.ids[1], data.aws_subnets.intra.ids[2]]
}

When trying to create a workspace in the EMR Studio I get the error:

Workspace manual-workspace failed to start
Workspace(notebook) is stopped. Service Role does not have the required permissions. You are not authorized to perform this operation. Encoded authorization failure message:

Im confused with the docs as theres references notebooks but nothing about workspaces for permissions. its only studio. I take it that notebooks was the old way of doing things? But im not clear about how we are meant to do it now? OR what permissions i should set the studio role (Then again is it the service or the user role thats got the problem!)

Any insight would be welcome!

asked 2 years ago1.9K views
1 Answer
0
Accepted Answer

Hello,

Thank you for writing on re:Post.

I see that you are facing issues while setting up your EMR Workspace.

As it is failing with below error - Workspace manual-workspace failed to start Workspace(notebook) is stopped. Service Role does not have the required permissions. You are not authorized to perform this operation. Encoded authorization failure message:

There should be an encoded message which can be decoded to find the missing permissions. Please decode by using the below command from aws cli- aws sts decode-authorization-message --encoded-message <value>

Then you can add the missing permission on the Service Role.

Below documentation should help you in getting the required roles for the service role. [+] https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-studio-service-role.html

Please try the above suggestions. Hope they improve your experience.

Thanks and have a great day!

AWS
SUPPORT ENGINEER
answered 2 years ago
profile picture
EXPERT
reviewed 5 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions