1 Answer
- Newest
- Most votes
- Most comments
0
You'd need to grant glue job service role kms:Decrypt access. From the error logs it's evident that it doesn't have access to KMS key here.
You need to find the KMS key and then add this permission to one of the policy in glue job service role. Once you add kms:Decrypt permission for that KMS key, this error would go away.
Refer Setting up encryption in AWS Glue and Encrypting data written by AWS Glue for more details and see which one applies to your case and accordingly add the permissions for kms:Decrypt.
Also make sure there are no explicit deny in that KMS key resource policy, you can check that by going to KMS console, select that key and check key policy.
Hope this helps.
Abhishek
Relevant content
- asked 2 years ago
- asked 3 years ago
- AWS OFFICIALUpdated 5 months ago
- AWS OFFICIALUpdated 3 years ago
- AWS OFFICIALUpdated a year ago
Do you have any additional questions, happy to help.