
Enabling Object Lock for the S3 bucket that is delivering audit logs

hiro12
New Contributor

Hello Community,

I am trying to enable Object Lock on the S3 bucket to which the audit log is delivered, but the following error occurs if Object Lock is enabled when the delivery settings are enabled.

> {"error_code":"PERMISSION_DENIED","message":"Failed to perform putObject operation on s3Bucket:<bucket-name> with deliveryPathPrefix:<prefix-name> with the IAM Role:<iam-roke-arn> provided. Please all required s3 actions as mentioned in API docs to role policy of your IAM Role."}

Enabling Object Lock after enabling the delivery settings will not cause an error, but will it affect the operation? The delivery appears to be going well.

Thank you!


NandiniN
Databricks Employee

Hi @hiro12 

Enabling Object Lock on an S3 bucket after configuring the delivery settings should not affect the ongoing delivery of audit logs. But I would say it is better to understand the root cause of the error.

The error you encountered when enabling Object Lock before configuring the delivery settings is due to insufficient permissions for the IAM role to perform the necessary S3 actions.

To avoid this error, ensure that the IAM role used for log delivery has all the required S3 actions as mentioned in the API documentation. Once the delivery settings are enabled, you can then enable Object Lock without causing any issues. The delivery process should continue to function correctly as long as the necessary permissions are in place.

Doc - https://docs.databricks.com/en/admin/account-settings/audit-log-delivery.html, https://docs.aws.amaz...

Thanks!
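
Added example, not part of the thread and not Databricks code: an offline check of a log-delivery role policy for the S3 actions the reply says must be present. The `REQUIRED_ACTIONS` list is an assumption to confirm against the linked audit log delivery doc, the sample policy is constructed, and the function names are hypothetical.

```python
import fnmatch

# Assumption: S3 actions for audit log delivery; confirm against the linked doc.
REQUIRED_ACTIONS = [
    "s3:GetBucketLocation", "s3:PutObject", "s3:GetObject", "s3:DeleteObject",
    "s3:PutObjectAcl", "s3:AbortMultipartUpload", "s3:ListBucket",
    "s3:ListMultipartUploadParts", "s3:ListBucketMultipartUploads",
]

# Constructed sample policy (bucket and prefix names are placeholders).
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "s3:GetBucketLocation",
         "Resource": "arn:aws:s3:::example-bucket"},
        {"Effect": "Allow", "Action": ["s3:Put*", "s3:GetObject"],
         "Resource": "arn:aws:s3:::example-bucket/example-prefix/*"},
        {"Effect": "Allow", "Action": ["s3:ListBucket"],
         "Resource": "arn:aws:s3:::example-bucket"},
        {"Effect": "Deny", "Action": "s3:DeleteObject", "Resource": "*"},
    ],
}

def as_list(value):
    """IAM allows a single value or a list for Action and Statement."""
    if value is None:
        return []
    return list(value) if isinstance(value, (list, tuple)) else [value]

def matches(action, patterns):
    """Case-insensitive match with IAM-style * and ? wildcards."""
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)

def audit_policy(policy, required=REQUIRED_ACTIONS):
    """Return required actions that no Allow grants or that a Deny matches.
    Resource and Condition scoping is not evaluated; NotAction is ignored."""
    allowed, denied = [], []
    for stmt in as_list(policy.get("Statement")):
        patterns = as_list(stmt.get("Action"))
        if stmt.get("Effect") == "Allow":
            allowed += patterns
        elif stmt.get("Effect") == "Deny":
            denied += patterns
    return {"missing": [a for a in required if not matches(a, allowed)],
            "denied": [a for a in required if matches(a, denied)]}

if __name__ == "__main__":
    print(audit_policy(SAMPLE_POLICY))
```

An empty result only shows the action names are covered; the bucket and prefix in each `Resource` still have to match the delivery configuration.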
