cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
Machine Learning
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

when we are trying to create folder/file or list file using dbutils we are getting forbidden error in aws

karthik_p
Esteemed Contributor

‎04-05-2023 05:19 AM

HI Team,

we have created new premium workspace with custom managed vpc, workspace deployed successfully in AWS. we are trying to create folder in dbfs, we are getting below error. we have compared cross account custom managed role (Customer-managed VPC with custom policy restrictions), but still we are getting "GetObjectMetadataRequest" forbidden. i am not seeing issue in terms of permissions, did anything had been updated from databricks metastore end .

Caused by: java.nio.file.AccessDeniedException: s3a://xxxxx/nvirginia-prod/xxxx.meta/mounts: 

getFileStatus on s3a://xxxxx nvirginia-prod/xxxx.meta/mounts: 

com.amazonaws.services.s3.model.AmazonS3Exception:

Forbidden; request: HEAD https://xxxx nvirginia-prod/xxxxx.meta/mounts {} Hadoop 2.7.7, aws-sdk-java/1.12.261 Linux/5.4.0-1096-aws OpenJDK_64-Bit_Server_VM/25.342-b07 java/1.8.0_342 scala/2.12.15 kotlin/1.6.21 vendor/Private_Build cfg/retry-mode/legacy com.amazonaws.services.s3.model.GetObjectMetadataRequest; Request ID: xxxx, Extended Request ID: xxxxx, Cloud Provider: AWS, Instance ID: i-xxxx 

(Service: Amazon S3; Status Code: 403; Error Code: 403 Forbidden; Request ID: xxxxx; S3 Extended Request ID: xxxxx=; Proxy: null)

, S3 Extended Request ID: xxxxxxx=:403 Forbidden

6 REPLIES 6

Debayan
Esteemed Contributor III
Esteemed Contributor III

‎04-05-2023 10:48 PM

Hi, The HTTP 403 Forbidden response status code indicates that the server understands the request but refuses to authorize it. Could you please check the S3 permissions and other related permissions in IAM?

Also, please tag @Debayan​ with your next response which will notify me. Thank you!

0 Kudos

karthik_p
Esteemed Contributor
In response to Debayan

‎04-06-2023 05:44 AM

@Debayan Mukherjee​ yes, we have compared IAM cross account role and bucket permissions, everything looks good as per databricks recommendations . we have picket custom vpc policy and applied that

0 Kudos

karthik_p
Esteemed Contributor

‎04-07-2023 07:31 AM

@Debayan Mukherjee​ client is still in free version, within 3 days it will be converted to premium. Is above issue because of free tier

0 Kudos

Debayan
Esteemed Contributor III
Esteemed Contributor III
In response to karthik_p

‎04-10-2023 10:04 PM

@karthik p​ Can you please check and confirm now?

0 Kudos

karthik_p
Esteemed Contributor

‎04-17-2023 01:45 PM

@Debayan Mukherjee​ Issue resolved, looks cloud team have not updated required security groups that has been shared, after revisiting them we are able to find missing security groups and added them

0 Kudos

Debayan
Esteemed Contributor III
Esteemed Contributor III
In response to karthik_p

‎04-17-2023 10:02 PM

@karthik p​ , Thanks for the confirmation. Glad to know!

0 Kudos
Announcements
Welcome to Databricks Community: Lets learn, network and celebrate together

Join our fast-growing data practitioner and expert community of 80K+ members, ready to discover, help and collaborate together while making meaningful connections. 

Click here to register and join today! 

Engage in exciting technical discussions, join a group with your peers and meet our Featured Members.