aijunpeng
commented
2 years ago Thanks for reporting the issue. I assume the account you deployed the solution already has lake formation configured. We are aware that if the glue legacy roles were changed in your account you may encounter the glue permission issue when deploying the solution. To fix it, you should grant IAM access for new databases and new tables in databases in lake formation (see screenshot below). Also can you elaborate the steps for "one must be attentive to when the role is created to go to the Datalake console and grant it the access needed to the database created"? Particularly what access did you grant to which role? Did it solve the problem? Screenshots would be helpful.
I deployed the solution on AWS Cloudformation, which turned out to be not as smooth as it seemed to be. Issues:
Since Datalake automatically adds a layer of protection on its databases and tables, one must be attentive to when the role is created to go to the Datalake console and grant it the access needed to the database created. Otherwise, on this step it will throw error:
"Access was denied when calling Glue. Please ensure that the role specified in the data format conversion configuration has the necessary permissions. Insufficient Lake Formation permission(s) on aws_codebuild_metrics_table. Additionally, the template creates so many roles that it's hard to be sure regarding which role should be assigned the permissions.awsdatacatalog.aws_devops_metrics_db_so0143.code_deployment_detail_view does not existWhich makes sense, since when I go to the tables in databases, it shows the following two, missing aws_devops_metrics_db_so0143.code_deployment_detail_view ws_devops_metrics_db_so0143.code_build_detail_view.
To Reproduce Deploy your stack using the cloudformation template linked
Expected behavior Tables should be created properly so dashboards can be fed.
Please complete the following information about the solution: