I have two accounts, the source account (A) and the target account (B)
I have granted account (B) access to a database in account (A) via lakeformation.
In account B I accepted the resource share and can see the database and table populated in the lake formation console.
In account B I have created a resource link and granted access to my user with permissions (SUPER)
In account B when I try to query the table within the database resource link I get the following error
com.amazonaws.services.s3.model.AmazonS3Exception: Access Denied (Service: Amazon S3; Status Code: 403; Error Code: AccessDenied; Request ID: ##########; S3 Extended Request ID: ########; Proxy: null), S3 Extended Request ID: ########### (Bucket: {Bucket in account A that holds shared database and tables}, Key: {path to shared table}) This query ran against the "{resource link database}" database, unless qualified by the query. Please post the error message on our forum or contact customer support with Query Id: ##############
My account is a lake formation admin with administrator access.
The data catalogue settings in account A & B are;
Use only IAM access control for new databases: OFF Use only IAM access control for new tables in new databases: OFF Version 4
The error is showing some access denied on my S3 resource in Account A that is shared, but I do not understand how this error can come up with the above settings?
Any help is appreciated.
I have tried changing the settings - changing location of the shared table - changing the accesses on the databases for my user.
Check few things: