Reputation: 1223
Failure using stage area. Cause: [Access Denied (Status Code: 403; Error Code: AccessDenied)]
I am new to snowflake and I have create a external stage and a give my s3 bucket url. My task is to copy json file from s3 to snowflake table. When I run copy command I am gettingan error .
My command are as follows:
create or replace file format investor_fileformat
type = 'json';
create or replace stage investor_stage
file_format = investor_fileformat url ='s3://emb-ingest-pit/extract/active/Test120220110/';
create table temp (id variant)
copy into temp from @investor_stage/Investor_20220114.json
Error: Failure using stage area. Cause: [Access Denied (Status Code: 403; Error Code: AccessDenied)].
When searched on internet it says I need "S3 bucket Integration" . I havent created one is this needed?
Thanks, Xi
Upvotes: 3
Views: 13460
Answers (3)
Reputation: 4614
I faced the same issue while copying the data from s3 to the snowflake table. After a lot of troubleshooting, I finally sorted it out. If you are using a personal s3 bucket for learning or training purposes this will be helpful.
Step 1:
The first goto >> s3 bucket >> permissions >> block public access >> uncheck Block all public access.
Try compiling the query. If your issue didn't resolve with step 1 then follow step 2 along with step 1.
The first goto >> s3 bucket >> permissions >> Bucket policy >> edit >> enter the below script and change the resource to your bucket name.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::YOUR_BUCKET_NAME/*"
}
]
}
now scroll down to Cross-origin resource sharing (CORS) >> edit >>
[
{
"AllowedHeaders": [
"Authorization",
"Content-Length"
],
"AllowedMethods": [
"GET"
],
"AllowedOrigins": [
"*"
],
"ExposeHeaders": [],
"MaxAgeSeconds": 3000
}
]
Try compiling the query. If your issue didn't resolve with steps 1 & 2 then follow step 3 along with steps 1 & 2.
Goto >> permissions >> Object Ownership >> click on ACL's Enabled >> save changes >> Goto permissions >> access control list >> edit >> give access to Everyone (public access) to list and read an s3 log delivery group.
These steps will help you resolve the issue.
Upvotes: 0
Reputation: 761
The s3 bucket integration is done using Storage integration in snowflake. Storage integration is used to authenticate/authorise the s3 access. Stage is created on top of a storage integration to access s3 locations that you want.
Read how to create storage integration here and access external storage: https://docs.snowflake.com/en/user-guide/data-load-s3-config-storage-integration.html
Do follow the above doc(it is quite exhaustive) and let me know if you face any challenges
Upvotes: 2
Reputation: 9818
You don’t appear to have set up secure access to s3. You’ll probably want to read the documentation
Upvotes: 2
Related Questions
- "File format does not exist or not authorized" error when altering Snowflake stage
- Snowflake error : SQL access control error: Insufficient privileges to operate on account '<Account-ID>'
- Insufficient privileges to operate on schema 'PUBLIC'
- snowflake.connector.errors.OperationalError: Failed to get the response
- Snowflake Unsupported Grant Type
- How to give create/alter stage privileges to a role
- schema does not exist and not authorized
- Insufficient privileges to drop schema
- Granted permissions to snowflake role to create warehouses but doesn't work
- Update Needed Report: Snowflake documentation. Create STAGE