Reputation: 421
AWS Lake Formation: Insufficient Lake Formation permission(s) on s3://abc/
I'm trying to setup a datalake from AWS Lake Formation Console.
I'm following the below resource to do the same: https://aws.amazon.com/blogs/big-data/integrating-aws-lake-formation-with-amazon-rds-for-sql-server/
But in second step while creating db, after entering db name and selecting s3 location, I'm getting
Insufficient Lake Formation permission(s) on s3:
I checked my permissions, I have admin role mapped to my account which allows all (*)
Can anyone help what's the actual issue!
Upvotes: 10
Views: 38098
Answers (4)
Reputation: 1
AWS Lake formation requires IAM as well as Lake Formation Permissions to Access Lake formation Resources.
In your case you have the required IAM Permissions but you still need to have appropriate Lake Formation Permissions to access Lake Formation Resources.
So you need to grant appropriate Lake Formation Permissions for S3 location to your principle so that your RDS can access the said Lake Formation resource.
You can do this via AWS CLI as we as Console.Refer https://stackoverflow.com/a/65602261/15308943.
Upvotes: 0
Reputation: 1083
If you use SageMaker, when query Athena and get stuck with "AWS Lake Formation: Insufficient Lake Formation permission(s) on temp s3:// ... AWS Glue". You should check in "Datalake permission" in LakeFormation, grant the execution role with resource database "sagemaker_data_wrangler" with full permission. This is because when SageMaker do query Athena, it will store its temporary result in database "sagemaker_data_wrangler" of Glue, so it doesn't have enough permission for storing temporary data there.
Fore more information: https://github.com/awslabs/aws-data-wrangler/issues/677
Upvotes: 0
Reputation: 31
If you have declared some resource(IAM role / User) as lake formation administrator, you won't be able to create a Glue database from the lake formation console, Even though you have AWS account administrator access. It will work if you try creating using lake formation admin resource permissions.
Upvotes: 3
Reputation: 127
As error states "Insufficient Lake Formation permission(s) on s3"
This implies you have to give your role/user the permission to access s3 bucket. There for first you have to go to "Lake Formation" => Under "Permissions" tab => Select "Data locations" and then register your S3 location.
After this step you can go and create your DB.
Upvotes: 11
Related Questions
- Terraform ELB S3 Permissions Issue
- Cloudformation: API: s3:CreateBucket Access Denied
- AWS S3 Bucket giving 'policies must be valid JSON and the first byte must be '{'
- Usage of AWS Lake Formation with CloudFormation
- AWS Lake Formation: CLI grant_permissions : Unknown parameter in Resource.Table: "TableWildcard"
- IAM Role setup enabled to create databases and tables with Lake Formation
- AWS Organizations permission denied
- You are not authorized to perform this operation
- Terraform S3 bucket creation causes not authorized
- Access Denied from S3 Bucket [pendente]