我已设置与 RDS 数据库的 AWS Glue 连接(在同一账户和区域中)。进行测试连接时出现以下错误
rds-prod-snapshot test connection failed. For more information see the logs
点击 CloudWatch 链接后出现错误
There was an error getting log events.
The specified log stream does not exist.
该角色具有 CloudWatch 日志的 IAM 权限
我按照故障排除文档到目前为止> https://aws.amazon.com/premiumsupport/knowledge-center/glue-test-connection-failed/(事实上,我在设置时解决了大部分问题)首先连接并解决)
事实证明
AWSGlueServiceRole只是为了这个问题再加上我的 2 美分。尽管您可以将
AWSGlueServiceRole statement {
sid = "CloudWatchGlueJobLogs"
effect = "Allow"
actions = [
"logs:GetLogEvents",
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
]
resources = [
"arn:aws:logs:*:*:log-group:/aws-glue/jobs/output:*",
"arn:aws:logs:*:*:log-group:/aws-glue/jobs/error:*",
"arn:aws:logs:*:*:log-group:/aws-glue/jobs/logs-v2:*",
"arn:aws:logs:*:*:log-group:/aws-glue/testconnection/output/your_glue_connection:*",
"arn:aws:logs:*:*:log-group:/aws-glue/testconnection/error/your_glue_connection:*"
]
}
statement {
sid = "GlueJobRead"
effect = "Allow"
actions = [
"glue:GetDatabase*",
"glue:GetTable",
"glue:GetPartition*",
"glue:BatchGetPartition",
"glue:GetConnection"
]
resources = [
"arn:aws:glue:*:*:catalog",
"arn:aws:glue:*:*:database/default",
"arn:aws:glue:*:*:database/your_ddatabase",
"arn:aws:glue:*:*:table/your_ddatabase/feedback",
"arn:aws:glue:*:*:table/default/table_name",
"arn:aws:glue:*:*:connection/your_glue_connection"
]
}
statement {
sid = "CloudwatchMetrics"
effect = "Allow"
actions = ["cloudwatch:PutMetricData"]
resources = ["*"]
condition {
test = "StringEquals"
values = ["Glue"]
variable = "cloudwatch:namespace"
}
}
statement {
sid = "GlueJobConnectionToRDS"
effect = "Allow"
actions = [
"ec2:DescribeSubnets",
"ec2:DescribeSecurityGroups",
"ec2:DescribeVpcEndpoints",
"ec2:DescribeRouteTables",
"ec2:CreateNetworkInterface",
"ec2:DeleteNetworkInterface",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeVpcAttribute",
]
resources = ["*"]
}