0

I tried to use resource aws_glue_job, but as soon as it's prepared to be launched, an error is shown as follows:

│ Error: error creating Glue Job (job): AccessDeniedException: Account 411xxxxxxxx (Account id) is denied access.
│ 
│   with aws_glue_job.job,
│   on main.tf line 94, in resource "aws_glue_job" "job":
│   94: resource "aws_glue_job" "job" {

I checked the policies and apparently they are okay. What might be causing it?

  • Is this cross-account? Also you might want to check if it is available in the region you want to create it in. – Marko E Jul 26 '22 at 16:16
  • @MarkoE it's not cross-account. I'm doing it on us-east-2 region. I created all the rest in this same region like bucket, crawler, etc – Felipe Lobatinho Jul 26 '22 at 16:31
  • Without more context it's almost impossible to make an assumption let alone answer the question. Can you add the code to the question? – Marko E Jul 27 '22 at 07:43
  • We're having the same problem since yesterday in region us-east-1. Nothing changed, suddenly we cannot start our Glue jobs anymore with this error: Failed to start job [gluestudio-service.us-east-1.amazonaws.com] startJobRun: AccessDeniedException: Account is denied access. (Service: AWSGlue; Status Code: 400; Error Code: AccessDeniedException; Request ID: ; Proxy: null) – mikey Jul 28 '22 at 10:37
  • @mikey I solved it by creating a new account and it worked. In my case, the account was used for tests. If your account is used for the company, I recommend you talk to the support team from AWS and give further details about it – Felipe Lobatinho Jul 29 '22 at 11:34
  • @FelipeLobatinho We have created a new account. First, it did work. After rolling out our components via Terraform, it was blocked again (for all sub-accounts of our org although only one account has been provisioned with Terraform). – mikey Aug 16 '22 at 10:24

3 Answers

0

For some reason my issue was solved by creating and using a new account. The account being used previously was for testing, which is why I had no problems changing it to a new one.

0

I had the exact same problem. Logging with TF_LOG (debugging_terraform) helped me to be sure that this was not being caused by anything that I could fix. If you have already verified the policies (for example, I attached the AWSGlueConsoleFullAccess policy to the role creating the Glue job) and you have also verified that the AWS provider is correct (see: provider), you can open a ticket with billing & account and they will escalate this properly. They helped me and now I am able to create Glue jobs again with the same account.

paulirat
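
Added example (not part of either answer above): a shell triage of captured Terraform output that separates the account-wide denial quoted in the question from an ordinary IAM policy denial, which normally names a principal and the missing action. The function names, file names and the IAM log line are constructed for illustration; a real log can be captured with `TF_LOG=DEBUG TF_LOG_PATH=./tf-debug.log terraform apply`.

```shell
#!/usr/bin/env bash
# Classify a Glue AccessDeniedException found in captured Terraform output.
# classify_glue_denial and denied_action are hypothetical helper names.
classify_glue_denial() {
  log="$1"
  if ! grep -q 'AccessDeniedException' "$log"; then
    echo "no-denial"
  elif grep -Eq 'AccessDeniedException: Account .*is denied access' "$log"; then
    # Wording from the question: the whole account is refused and no IAM
    # principal or action is named, so editing policies will not change it.
    echo "account-level"
  elif grep -q 'is not authorized to perform' "$log"; then
    # Usual IAM wording: names the principal and the action that is missing.
    echo "iam-policy"
  else
    echo "other-denial"
  fi
}

# For an IAM denial, print the action(s) the caller's policy does not allow.
denied_action() {
  grep -Eo 'not authorized to perform: [A-Za-z0-9-]+:[A-Za-z0-9*]+' "$1" \
    | sed 's/.*perform: //' | sort -u
}

# Constructed sample logs (the first two lines reuse the messages on this page).
SAMPLES=$(mktemp -d)
cat > "$SAMPLES/account.log" <<'EOF'
Error: error creating Glue Job (job): AccessDeniedException: Account 411xxxxxxxx is denied access.
startJobRun: AccessDeniedException: Account is denied access. (Service: AWSGlue; Status Code: 400)
EOF
cat > "$SAMPLES/iam.log" <<'EOF'
Error: error creating Glue Job (job): AccessDeniedException: User: arn:aws:iam::111122223333:user/example is not authorized to perform: glue:CreateJob on resource: arn:aws:glue:us-east-2:111122223333:job/job
EOF
echo 'Apply complete! Resources: 1 added, 0 changed, 0 destroyed.' > "$SAMPLES/ok.log"

for f in account iam ok; do
  verdict=$(classify_glue_denial "$SAMPLES/$f.log")
  case "$verdict" in
    account-level) next="not fixable in IAM; open a billing & account support ticket" ;;
    iam-policy)    next="grant $(denied_action "$SAMPLES/$f.log") to the calling role" ;;
    *)             next="nothing to do" ;;
  esac
  echo "$f.log: $verdict ($next)"
done
```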