I am trying to trigger a Glue job from Lambda. It fails with the following error:
An error occurred (AccessDeniedException) when calling the StartJobRun operation: User:
JSON:
Response
{
  "errorMessage": "An error occurred (AccessDeniedException) when calling the StartJobRun operation: User: arn:aws:sts::XXXX:assumed-role/xxxx-role/xx-Job is not authorized to perform: glue:StartJobRun on resource: arn:aws:glue:us-east-1:XXXX:job/xx-Job because no identity-based policy allows the glue:StartJobRun action",
  "errorType": "AccessDeniedException",
  "requestId": "38feed94-a0c2-4ed1-843f-7e7f7b1abca2",
  "stackTrace": [
    " File \"/var/task/lambda_function.py\", line 12, in lambda_handler\n runId = glue.start_job_run(JobName=gluejobname)\n",
    " File \"/var/lang/lib/python3.11/site-packages/botocore/client.py\", line 534, in _api_call\n return self._make_api_call(operation_name, kwargs)\n",
    " File \"/var/lang/lib/python3.11/site-packages/botocore/client.py\", line 976, in _make_api_call\n raise error_class(parsed_response, operation_name)\n"
  ]
}
Lambda code:
import boto3

def lambda_handler(event, context):
    # TODO implement
    glue = boto3.client('glue')
    gluejobname = "AWS_ETL_Load"
    try:
        # Start the Glue job, then read back the state of the run just created
        runId = glue.start_job_run(JobName=gluejobname)
        status = glue.get_job_run(JobName=gluejobname, RunId=runId['JobRunId'])
        print("Job Status : ", status['JobRun']['JobRunState'])
    except Exception as e:
        # Log the error and re-raise so the invocation is reported as failed
        print(e)
        raise
Which role am I missing? I also can't find the role in the AWS documentation.
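The error means that your Lambda execution role arn:aws:sts::XXXX:assumed-role/xxxx-role/xx-Job does not have permission to run glue:StartJobRun. So you have to modify your role and add such a permission.
It is also possible that you are denied from performing this action at a level other than Lambda, e.g. SCP, boundary conditions. Then you have to modify them as well.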
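
The diagnosis in the answer above, as an added example (not part of the original question or answer): it parses the AccessDenied message from the question, reads which policy type blocked the call, and emits a least-privilege statement only when an identity-based Allow is what is missing. The names `parse_denial` and `plan_fix` and the second sample message are constructed for illustration; `glue:GetJobRun` is requested as well because the question's handler also calls `get_job_run`.

```python
import json
import re

HEAD = re.compile(r"User: (\S+) is not authorized to perform: (\S+)(?: on resource: (\S+))?")
MISSING = re.compile(r"because no (.+?) allows")   # implicit deny: nothing allows it
EXPLICIT = re.compile(r"with an explicit deny in an? (.+?)(?:$|[.,])")

# Message copied from the question on this page.
PAGE_ERROR = ("An error occurred (AccessDeniedException) when calling the StartJobRun "
    "operation: User: arn:aws:sts::XXXX:assumed-role/xxxx-role/xx-Job is not authorized "
    "to perform: glue:StartJobRun on resource: arn:aws:glue:us-east-1:XXXX:job/xx-Job "
    "because no identity-based policy allows the glue:StartJobRun action")
# Constructed sample: the same call blocked by an SCP instead.
SCP_ERROR = PAGE_ERROR.split(" because ")[0] + " with an explicit deny in a service control policy"

def parse_denial(message):
    head = HEAD.search(message)
    if head is None:
        return None
    principal, action, resource = head.groups()
    explicit = EXPLICIT.search(message)
    reason = explicit or MISSING.search(message)
    # A session ARN names the role and the session; a role path, if any, is not in it.
    m = re.fullmatch(r"arn:([\w-]+):sts::(\w+):assumed-role/([^/]+)/.+", principal)
    return {
        "role_arn": f"arn:{m[1]}:iam::{m[2]}:role/{m[3]}" if m else principal,
        "action": action,
        "resource": resource or "*",
        "policy_type": reason.group(1) if reason else "unknown",
        "explicit_deny": explicit is not None,
    }

def plan_fix(info, extra_actions=()):
    """Return where to make the change and, if an Allow is the fix, the policy."""
    if info["explicit_deny"] or info["policy_type"] != "identity-based policy":
        # An Allow on the role cannot override an SCP, a boundary or an explicit deny.
        return {"where": info["policy_type"], "policy": None}
    statement = {"Effect": "Allow",
                 "Action": sorted({info["action"], *extra_actions}),
                 "Resource": info["resource"]}
    return {"where": info["role_arn"],
            "policy": {"Version": "2012-10-17", "Statement": [statement]}}

if __name__ == "__main__":
    # The handler also calls get_job_run, so glue:GetJobRun is requested too.
    print(json.dumps(plan_fix(parse_denial(PAGE_ERROR), ["glue:GetJobRun"]), indent=2))
    print(plan_fix(parse_denial(SCP_ERROR)))
```

The generated statement is scoped to the job ARN from the error rather than `*`, so the execution role gains only the two actions on that one job.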