hi team. I am getting this error while ingesting a...
# troubleshootm
most-byte-90620
05/15/2023, 9:44 PMhi team. I am getting this error while ingesting a athena source through datahub UI. datahub is running in docker on an EC2 using this role & the role has athena full access. any help is appreciated
Copy code
'[2023-05-15 21:28:50,063] INFO {botocore.credentials:1108} - Found credentials from IAM Role: AmazonSSMRoleForInstancesQuickSetup\n'
'2023-05-15 21:28:50,168 INFO sqlalchemy.engine.base.Engine \n'
' SELECT schema_name\n'
' FROM information_schema.schemata\n'
" WHERE schema_name NOT IN ('information_schema')\n"
' \n'
'[2023-05-15 21:28:50,168] INFO {sqlalchemy.engine.base.Engine:110} - \n'
' SELECT schema_name\n'
' FROM information_schema.schemata\n'
" WHERE schema_name NOT IN ('information_schema')\n"
' \n'
'2023-05-15 21:28:50,168 INFO sqlalchemy.engine.base.Engine {}\n'
'[2023-05-15 21:28:50,168] INFO {sqlalchemy.engine.base.Engine:110} - {}\n'
'[2023-05-15 21:28:50,203] ERROR {pyathena.common:420} - Failed to execute query.\n'
'Traceback (most recent call last):\n'
' File "/tmp/datahub/ingest/venv-athena-0.9.1/lib/python3.10/site-packages/pyathena/common.py", line 413, in _execute\n'
' query_id = retry_api_call(\n'
' File "/tmp/datahub/ingest/venv-athena-0.9.1/lib/python3.10/site-packages/pyathena/util.py", line 84, in retry_api_call\n'
' return retry(func, *args, **kwargs)\n'
' File "/tmp/datahub/ingest/venv-athena-0.9.1/lib/python3.10/site-packages/tenacity/__init__.py", line 406, in __call__\n'
' do = self.iter(retry_state=retry_state)\n'
' File "/tmp/datahub/ingest/venv-athena-0.9.1/lib/python3.10/site-packages/tenacity/__init__.py", line 351, in iter\n'
' return fut.result()\n'
' File "/usr/local/lib/python3.10/concurrent/futures/_base.py", line 451, in result\n'
' return self.__get_result()\n'
' File "/usr/local/lib/python3.10/concurrent/futures/_base.py", line 403, in __get_result\n'
' raise self._exception\n'
' File "/tmp/datahub/ingest/venv-athena-0.9.1/lib/python3.10/site-packages/tenacity/__init__.py", line 409, in __call__\n'
' result = fn(*args, **kwargs)\n'
' File "/tmp/datahub/ingest/venv-athena-0.9.1/lib/python3.10/site-packages/botocore/client.py", line 495, in _api_call\n'
' return self._make_api_call(operation_name, kwargs)\n'
' File "/tmp/datahub/ingest/venv-athena-0.9.1/lib/python3.10/site-packages/botocore/client.py", line 914, in _make_api_call\n'
' raise error_class(parsed_response, operation_name)\n'
'botocore.exceptions.ClientError: An error occurred (AccessDeniedException) when calling the StartQueryExecution operation: You are not '
'authorized to perform: athena:StartQueryExecution on the resource. After your AWS administrator or you have updated your permissions,✅ 1
l
lively-cat-88289
05/15/2023, 9:44 PMHey there 👋 I'm The DataHub Community Support bot. I'm here to help make sure the community can best support you with your request.
Let's double check a few things first: 1️⃣ There's a lot of good information on our docs site: www.datahubproject.io/docs, Have you searched there for a solution? Yes button 2️⃣ It's not uncommon that someone has run into your exact problem before in the community. Have you searched Slack for similar issues? Yes button
g
gentle-hamburger-31302
05/16/2023, 7:00 AMHi @most-byte-90620
Please double check with your IT team if you have correct permission to IAM role configured for your EC2.
It might be possible boto3 is finding credential in local ~/.aws directory and actual role assigned to EC2 is not getting utilised
m
most-byte-90620
05/19/2023, 11:47 PMthanks @curved-thailand-48451 aws sts get-caller-identity inside the container shows the correct role but athena query from cli inside container throws the same error as above. However, athena query from EC2 works fine using the same role
g
gentle-hamburger-31302
05/23/2023, 5:02 PM@most-byte-90620 Check this post might help you: https://repost.aws/questions/QUFVUZ-Q13TyCwsWHSAuhY_A/docker-is-not-able-to-pick-iam-role-when-running-on-ec2-instance