IAM security credentials error when trying to create DynamoDb table - amazon-web-services

I am getting the following error
"Amazon.Runtime.AmazonServiceException: Unable to get IAM security credentials from EC2 Instance Metadata Service"
when trying to run a request to create a table for DynamoDb
Its my first time using this, and very new to AWS, I have managed to publish an AWS Lambda function and a webHook calls it and all working fine, and in doing this I created an AWS profile so that i can publish the project
However, I'm now trying to create a table within DynamoDB, which is causing the above error :(
Its probably something simple, like I have forgotten a config value somewhere, or haven't created the user for Dynamo or something... or maybe need to activate Dynamo on my AWS account
Any help will be very much appreciated
Thank you

Related

AWS Glue AccessDeniedException Account <ID> is denied access

I am getting this message when I try to create a crawler on AWS Glue:
{"service":"AWSGlue","statusCode":400,"errorCode":"AccessDeniedException","requestId":"RequestIDNumber","errorMessage":"Account <AccountID> is denied access.","type":"AwsServiceError"}
already attached all those policies below to the IAM
All my Policies here
Already setup permissions to the AWS lake formation for the role too
Already created a custom policy kms to it too
And I am stucked, I cannot create a crawler!
I am in the root account, actually there`s no other account just the root, It's a super new account I created in AWS so I don't know what to do to be able to create this simple crawler
My ideia its to use it with dynamodb as data source
The message says there is something wrong with my account permission not with a role
Someone has an idea?
Thank you so much
Not sure the reason, but loads of people have been having this issue. You can submit a ticket through AWS account support. I actually submitted two, including one through the unpaid support version and one through my paid account. They answered both tickets.
Basically, just tell them you need access to Glue and they should alter whatever it is to give you access. Sorry it's not a better answer, but I found no other useful information anywhere.
I propose to try using a separate user and attaching the policy you created to it.

Access Denied When Create AWS Glue Crawler

I am trying to create a crawler in AWS Glue, but it gives error: {"service":"AWSGlue","statusCode":400,"errorCode":"AccessDeniedException","requestId":"<requestId>","errorMessage":"Account <accountId> is denied access.","type":"AwsServiceError"}.
This is what I've done so far:
Create a database in AWS Glue
Add tables in the database using a crawler
Name the crawler
Choose Amazon S3 as the data store and specified a path to a csv file inside a bucket in my account
Choose an existing IAM role I've created before
Choose a database I've created before
Press finish.
When I press finish, the above error is occurred.
I have grant AdministratorAccess both to IAM user and role used to create the crawler, so I assume there is no lack of permission issues. The bucket used is not encrypted and located in the same region as the AWS Glue.
I also have tried to create another database and specified a path to a different csv file but it is not solved the problem.
Any help would be very appreciated. Thanks.
I have contacted the owner (the root user) of this account and the owner asked for help to AWS Premium Support. The AWS Premium Support told us that all the required permissions to create AWS Glue Crawler are already provided and there is no SCPs attached to the account. After waiting around 7-working-day, finally I can create AWS Glue Crawler without any errors.
Unfortunately, I don't have any further information on how the AWS Premium Support solve the issue. For those of you who encounter similar errors like me, just try to contact the owner of the account, because most likely the issue is out of your control. Hope this helps in the future. Thanks.

Enabling AWS Config with CloudFormation does not work

I registered my delegated administrator account for my AWS organization successfully (I get the notification that I´m the delegated admin every time when I´m at the StackSet Console).
So I should be able to enable AWS Config with the sample template provided by AWS in the whole organization. But everytime when I run the Stackset I got the following error:
Cancelled since failure tolerance has exceeded
As I couldn´t find any more log information or similar provided by AWS I´m really confused what I´m missing.
StackSet Config
Any suggestions?
In stack instances tab look for stacks that failed and debug them separately.

ErrorMessage":"Insufficient Lake Formation permission

I was trying to edit schema from AWS Glue console.
I am getting following error while trying to save my changes.
{"service":"AWSGlue","statusCode":400,"errorCode":"AccessDeniedException","requestId":"644bfcb2-75a8-456b-b17a-e22e829345d2","errorMessage":"Insufficient Lake Formation permission(s): Required Alter on recidivism_clustering_model_output_csv","type":"AwsServiceError"}
I have provided necessary access to the s3 buckets and tables in glue using Lakeformation.
Can anyone tell me what the best way to edit schema via glue?
And wny am i getting that error?
I had to manually add my user as a database owner to the database resource. Not sure why this sometimes happens. My role is a datalake administrator but for some reason that did not work if I added my role as a Database admin then I could alter the database.
There is probably something else going on but I could not find it.

AWS Sagemaker | region specific security credentials for endpoint

I am new to AWS infra and currently doing some POC/Feasibility for new work.
So I have created a S3 bucket in Ireland server, train and publish Sagemaker endpoint in Ireland server and its giving result in Jupyter notebook there. Now I want to use that endpoint in my browser javascript library to show some graphics. When I try to test my endpoint in Postman then its giving region specific error
{
"message": "Credential should be scoped to a valid region, not 'us-east-1'.
Credential should be scoped to correct service: 'sagemaker'. "
}
My AWS account is not yet enterprise managed so I am using as 'root user', Whenever I go to my profile>Security_Credential page and generate any security credential then it always create for 'us-east-1' region, As Sagemaker is region specific service, I am not able to find the way to create region specific security key for root user, can someone please help
You should create an IAM role first that defines what should be permitted (mainly calling the invoke-endpoint API call for SageMaker runtime). Then you should create an IAM user, add the above role to that user, and then generate credentials that you can use in your Postman to call the service. Here you can find some details about the IAM role for SageMaker that you can use in this process: https://docs.aws.amazon.com/sagemaker/latest/dg/using-identity-based-policies.html
A popular option to achieve external access to a SageMaker endpoint, is to create an API Gateway that calls a Lambda Function that is then calling the invoke-endpoint API. This chain is giving you various options such as different authentication options for the users and API keys as part of API-GW, processing the user input and inference output using API-GW and Lambda code, and giving the permission to call the SageMaker endpoint to the Lambda function. This chain removes the need for the credentials creation, update and distribution.