- Newest
- Most votes
- Most comments
Hi,
Maybe Glue accesses SAP via another role and doesn't switch properly to your execution role for S3 access.
To exactly see what's happening in your setup, I would suggest to leverage CloudTrail: you'll will be able to see all APIs calls. In particular, you will see the failing one for S3 and see under which identity it is made to check the hypothesis above.
This KB article will show you how to do that: https://repost.aws/knowledge-center/cloudtrail-track-api
Best,
Didier
Hello,
It seems like your AWS Glue job role might not be correctly switching to the necessary role for accessing S3 when reading from SAP HANA. Here are the steps to troubleshoot:
Verify IAM Role Permissions: Ensure the IAM role for the Glue job has the necessary S3 permissions (s3:PutObject, s3:GetObject, s3:ListBucket).
Check S3 Bucket Policy: Make sure the S3 bucket policy allows access to the IAM role.
Use AWS CloudTrail: Check AWS CloudTrail to see the failing API calls and verify the identity under which the S3 access is attempted. This will help identify if the correct role is being used.
https://docs.aws.amazon.com/glue/latest/dg/what-is-glue.html
One more thing is that the SAP hana database is hosted on EC2 on another account. So, basically, My AWS glue job fetches data from SAP hana (hosted on EC2 on another account). I am able to see the data on AWS glue cloudwatch output by doing dataframe.show() However, while trying to write using glueContext.write_dynamic_frame.from_options, I am getting AccessDenied Error. What could be the possible reasons and how to resolve this?
Relevant content
- asked 4 months ago
- Accepted Answerasked 6 months ago
- AWS OFFICIALUpdated 3 months ago
- AWS OFFICIALUpdated 7 months ago
- AWS OFFICIALUpdated 3 months ago
One more thing is that the SAP hana database is hosted on EC2 on another account. So, basically, My AWS glue job fetches data from SAP hana (hosted on EC2 on another account). I am able to see the data on AWS glue cloudwatch output by doing dataframe.show() However, while trying to write using glueContext.write_dynamic_frame.from_options, I am getting AccessDenied Error. What could be the possible reasons and how to resolve this?