Pravin Garodi

Reputation: 196

Error emrfs create-metadata not working on EMR

While performing the emrfs create-metadata operation on the EMR master node, I am getting the following error:

Error creating meatadata EmrFSMetadata: User: arn:aws:sts::<accountid>:assumed-role/emr-ec2-role/i-04dlcd547ef60654a is not authorized to perform: 
dynamodb:DescribeTable on resource: arn:aws:dynamodb:us-east-1:<account id >:/table/EmrFSMetadata (Service: AmazonDynamoDB2; 
Status code: 400: Error code: AccessdeniedException;

The IAM role emr-ec2-role has the dynamodb:DescribeTable permission.

Still, I am getting the error.

Please help me to resolve this issue.

Upvotes: 0

Views: 315

Answers (2)

Pravin Garodi

Reputation: 196

It's resolved. The VPC endpoint was blocking it.

I added the EmrFSMetadata table name to the DynamoDB VPC endpoint policy and gave it create table permission.

Upvotes: 1

SnigJi

Reputation: 1410

I use the AWS managed policy in emr-ec2-role. I don't have any problem with these.

Have you checked if you have any resource limitation in emr-ec2-role?

Let's say you have this permission:

{
    "Action": [
        "dynamodb:DescribeTable"
    ],
    "Resource": [
        "arn:aws:dynamodb:<a-different-region>::/table/*"
    ],
    "Effect": "Allow",
    "Sid": "VisualEditor1"
}

So the table that you are accessing is in us-east-1, and you actually have permission to describe tables in another region.

If that doesn't help either, try using the AWS managed policy for once, arn:aws:iam::aws:policy/service-role/AmazonElasticMapReduceforEC2Role, and see if there is any error.

Upvotes: 0
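
The two causes raised in the answers above (a VPC endpoint policy that omits the table, and a role policy scoped to a different region) can be told apart by checking each policy layer separately. This is an added example, not code from either answer. It is a simplified model that ignores explicit Deny, conditions, SCPs and permission boundaries, and the account id, `OtherTable` and all policy documents are constructed.

```python
from fnmatch import fnmatchcase

ACCOUNT = "111122223333"  # constructed placeholder account id
TABLE_ARN = f"arn:aws:dynamodb:us-east-1:{ACCOUNT}:table/EmrFSMetadata"

def _as_list(value):
    return value if isinstance(value, list) else [value]

def allows(policy, action, resource):
    """True if any Allow statement matches the action and resource ('*' and '?' wildcards)."""
    for st in policy["Statement"]:
        if st.get("Effect") != "Allow":
            continue
        act_ok = any(fnmatchcase(action.lower(), a.lower()) for a in _as_list(st["Action"]))
        res_ok = any(fnmatchcase(resource, r) for r in _as_list(st["Resource"]))
        if act_ok and res_ok:
            return True
    return False

def diagnose(role_policy, endpoint_policy, action, resource):
    """Name the layer that blocks the call. Traffic through a VPC endpoint
    must be allowed by BOTH the role policy and the endpoint policy."""
    if not allows(role_policy, action, resource):
        return "denied: role policy"
    if endpoint_policy is not None and not allows(endpoint_policy, action, resource):
        return "denied: VPC endpoint policy"
    return "allowed"

def _allow(actions, resources):
    return {"Statement": [{"Effect": "Allow", "Action": actions, "Resource": resources}]}

# Constructed policies for the two scenarios discussed in the answers.
ACTIONS = ["dynamodb:DescribeTable", "dynamodb:CreateTable"]
ROLE_OK = _allow(ACTIONS, f"arn:aws:dynamodb:us-east-1:{ACCOUNT}:table/*")
ROLE_WRONG_REGION = _allow(ACTIONS, f"arn:aws:dynamodb:us-west-2:{ACCOUNT}:table/*")
ENDPOINT_RESTRICTIVE = _allow("dynamodb:*", f"arn:aws:dynamodb:us-east-1:{ACCOUNT}:table/OtherTable")
ENDPOINT_FIXED = _allow("dynamodb:*", [f"arn:aws:dynamodb:us-east-1:{ACCOUNT}:table/OtherTable", TABLE_ARN])

if __name__ == "__main__":
    for name, role, ep in [("restrictive endpoint", ROLE_OK, ENDPOINT_RESTRICTIVE),
                           ("endpoint lists the table", ROLE_OK, ENDPOINT_FIXED),
                           ("role in wrong region", ROLE_WRONG_REGION, ENDPOINT_FIXED)]:
        print(name, "->", diagnose(role, ep, "dynamodb:DescribeTable", TABLE_ARN))
```
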
