I'm trying to setup a datalake from AWS Lake Formation Console.
I'm following the below resource to do the same: https://aws.amazon.com/blogs/big-data/integrating-aws-lake-formation-with-amazon-rds-for-sql-server/
But in second step while creating db, after entering db name and selecting s3 location, I'm getting
Insufficient Lake Formation permission(s) on s3:
I checked my permissions, I have admin role mapped to my account which allows all (*)
Can anyone help what's the actual issue!
On
If you have declared some resource(IAM role / User) as lake formation administrator, you won't be able to create a Glue database from the lake formation console, Even though you have AWS account administrator access. It will work if you try creating using lake formation admin resource permissions.
On
As error states "Insufficient Lake Formation permission(s) on s3"
This implies you have to give your role/user the permission to access s3 bucket. There for first you have to go to "Lake Formation" => Under "Permissions" tab => Select "Data locations" and then register your S3 location.
After this step you can go and create your DB.
If you use SageMaker, when query Athena and get stuck with "AWS Lake Formation: Insufficient Lake Formation permission(s) on temp s3:// ... AWS Glue". You should check in "Datalake permission" in LakeFormation, grant the execution role with resource database "sagemaker_data_wrangler" with full permission. This is because when SageMaker do query Athena, it will store its temporary result in database "sagemaker_data_wrangler" of Glue, so it doesn't have enough permission for storing temporary data there.
Fore more information: https://github.com/awslabs/aws-data-wrangler/issues/677