Im doing an internship where im required to use and implement ETL using AWS Glue. I succesefully made a JDBC connection to the RDS Aurora databases that have the data, but when I tried to create a crawler, i got the following error message:
"Here is the most recent error message: Service is unable to assume provided role. Please verify role's TrustPolicy"
I assume this is an issue with the IAM role I am using, though all the ones available to me give me the same error. Is this an issue on their end they need to fix, or is there a way for me to fix it myself?
I am using the AWS Console to do this.
I chose all options available in the role section and was given the same error every time.
The error “Service is unable to assume provided role. Please verify role’s TrustPolicy” indicates that the IAM role you are using for the AWS Glue crawler lacks a proper trust relationship. This is a common issue, and you can likely resolve it yourself if you have sufficient permissions in your AWS environment.
You need to check the IAM Role you're trying to use for the crawler, and update the trusted entity within the Trust Relationships tab for the role. it should contains glue.amazonaws.com as a trusted entity
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "glue.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
if you can't update it by your own, you can share the role with the people who gave it to you, and simply ask them to add the glue.amazonaws.com as a trusted entity, otherwise you'll not be able to consume it.