By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Error while querying Athena

0

Hello,

I'm current redeploying a CI/CD pipeline from a Legacy Terraform to Terraform on Cloud. The following error first appeared on the newly migrated pipelines:

HIVE_UNKNOWN_ERROR: com.amazonaws.services.lakeformation.model.InvalidInputException: Unable to assume role. Please verify Lake Formation has access to role arn:aws:iam::561######914:role/aws-reserved/sso.amazonaws.com/us-west-2/AWSReservedSSO_AdministratorAccess_0bb#####78e (Service: AWSLakeFormation; Status Code: 400; Error Code: InvalidInputException; Request ID: 73d56a83-6796-4cbe-befb-3e0b4e736773; Proxy: null)

After trying to grant permissions manually we oscillated between propagating this error to all databases on the project to retrieving this error to only a few databases.

We tried to grant permission through the Data lake permissions, with LF-Tags and also with the Databases. But without success.

Any idea on what to do?

Topics
AnalyticsSecurity, Identity, & Compliance
Tags
Amazon AthenaAWS Lake FormationIAM Policies
Language
English
rePost-User-9685519
asked a year ago251 views
1 Answer
1

It seems like you need to add access to the underlying S3 location https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lakeformation_resource

if that does not work, please try adding the role into default data lake settings /permissions https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lakeformation_data_lake_settings

profile pictureAWS
Ananth Tirumanur
answered a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content