CODEWITHSUNDEEP
amazon-web-servicesaws-glue
Leon
Leon

Reputation: 6554

AWS Glue Jupyter Notebook Failed to authenticate user

When I started job with IAM Role AWSGlueServiceNotebookRoleDefault I have this error:

Failed to authenticate user due to missing information in request.

No information in docs about this error.

I do everything from this and this, I have two buckets crawler-public-service & aws-glue-service.

GlueServiceNotebookPolicyDefault:

{  
    "Version":"2012-10-17",
    "Statement":[  
       {  
          "Effect":"Allow",
          "Action":[  
             "glue:CreateDatabase",
             "glue:CreatePartition",
             "glue:CreateTable",
             "glue:DeleteDatabase",
             "glue:DeletePartition",
             "glue:DeleteTable",
             "glue:GetDatabase",
             "glue:GetDatabases",
             "glue:GetPartition",
             "glue:GetPartitions",
             "glue:GetTable",
             "glue:GetTableVersions",
             "glue:GetTables",
             "glue:UpdateDatabase",
             "glue:UpdatePartition",
             "glue:UpdateTable",
             "glue:GetJobBookmark",
             "glue:ResetJobBookmark",
             "glue:CreateConnection",
             "glue:CreateJob",
             "glue:DeleteConnection",
             "glue:DeleteJob",
             "glue:GetConnection",
             "glue:GetConnections",
             "glue:GetDevEndpoint",
             "glue:GetDevEndpoints",
             "glue:GetJob",
             "glue:GetJobs",
             "glue:UpdateJob",
             "glue:BatchDeleteConnection",
             "glue:UpdateConnection",
             "glue:GetUserDefinedFunction",
             "glue:UpdateUserDefinedFunction",
             "glue:GetUserDefinedFunctions",
             "glue:DeleteUserDefinedFunction",
             "glue:CreateUserDefinedFunction",
             "glue:BatchGetPartition",
             "glue:BatchDeletePartition",
             "glue:BatchCreatePartition",
             "glue:BatchDeleteTable",
             "glue:UpdateDevEndpoint",
             "s3:GetBucketLocation",
             "s3:ListBucket",
             "s3:ListAllMyBuckets",
             "s3:GetBucketAcl"
          ],
          "Resource":[  
             "*"
          ]
       },
       {  
          "Effect":"Allow",
          "Action":[  
             "s3:GetObject"
          ],
          "Resource":[  
             "arn:aws:s3:::crawler-public*",
             "arn:aws:s3:::aws-glue*"
          ]
       },
       {  
          "Effect":"Allow",
          "Action":[  
             "s3:PutObject",
             "s3:DeleteObject"          
          ],
          "Resource":[  
             "arn:aws:s3:::aws-glue*"
          ]
       },
       {  
          "Effect":"Allow",
          "Action":[  
             "ec2:CreateTags",
             "ec2:DeleteTags"
          ],
          "Condition":{  
             "ForAllValues:StringEquals":{  
                "aws:TagKeys":[  
                   "aws-glue-service-resource"
                ]
             }
          },
          "Resource":[  
             "arn:aws:ec2:*:*:network-interface/*",
             "arn:aws:ec2:*:*:security-group/*",
             "arn:aws:ec2:*:*:instance/*"
          ]
       },
       {  
         "Effect":"Allow",
         "Action":[  
            "kms:Decrypt"
         ],
         "Resource":[  
            "arn:aws:kms:*:id:key/key-id"
         ]
      }
    ]
 }

AWSGlueServiceNotebookRoleDefault:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "Service": "ec2.amazonaws.com"
            },
            "Action": "sts:AssumeRole"
        },
        {
            "Effect": "Allow",
            "Principal": {
                "Service": "glue.amazonaws.com"
            },
            "Action": "sts:AssumeRole"
        }
    ]
}

How to fix this? Thanks!

Upvotes: 5

Views: 5984

Answers (5)

Tiansu Yu
Tiansu Yu

Reputation: 13

On safari, you can go to Preferences > Privacy > Prevent Cross Site Tracking (disable the box of this). Then you should be able to use it as expected. This unblocks me from using Glue notebook.

Upvotes: 1

Jonathan
Jonathan

Reputation: 61

I had this same issue 15.11.2022. I tried all the above and tried on several browsers/OS. We were able to repeat the issue on all of them, so we sent a support ticket to AWS and they replied that it was a data centre wide issue that was being resolved. As of this morning it is resolved.

Upvotes: 0

Oskar
Oskar

Reputation: 103

I was experiencing the same problem using chrome. Solved it by going to Chrome -> Settings -> Safety -> Cookies -> Under user defined settings add a website that is always allowed cookies named "[*.]aws.amazon.com"

I believe your roles are fine.

Upvotes: 9

NotebookMonger
NotebookMonger

Reputation: 31

This is Safari blocking third party cookies by default. The notebook domain and the AWS console domain are different and Safari will block cross-site cookies due to privacy (tracking) concerns.

You can allowlist the notebook domain or disable third party cookie blocking in Safari.

Upvotes: 3

Leon
Leon

Reputation: 6554

This strange behavior reproduces in Safari. In Chrome all works perfect.

Upvotes: 3

Related Questions