Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Glue: S3 event based crawler failure #33907

Closed
1 task
PatrikValkovic opened this issue Mar 25, 2025 · 2 comments
Closed
1 task

Glue: S3 event based crawler failure #33907

PatrikValkovic opened this issue Mar 25, 2025 · 2 comments
Labels
@aws-cdk/aws-glue Related to AWS Glue bug This issue is a bug. p3

Comments

@PatrikValkovic
Copy link

PatrikValkovic commented Mar 25, 2025
edited
Loading

Describe the bug

I receive an error when I try to create Glue Crawler using CfnCrawler construct.

Regression Issue

  • Select this option if this issue appears to be a regression.

Last Known Working CDK Version

No response

Expected Behavior

The crawler is created as expected.

Current Behavior

The creation ends up with the error

Resource handler returned message: "SQS queue XXXXX does not exist or the role provided does not have access to it. (Service: Glue, Status Code: 400, Request ID: XXXXXX)" (RequestToken: XXXXX, HandlerErrorCode: InvalidRequest)

Reproduction Steps

I have following CDK code

const s3EventsDlq = new Queue(stack, 's3-events-dlq');
const s3EventsQueue = new Queue(stack, 's3-events-queue', {
    deadLetterQueue: {
        queue: s3EventsDlq,
        maxReceiveCount: 5,
    },
});
const s3EventsBucket = new Bucket(stack, 's3-events-bucket', {
    removalPolicy: RemovalPolicy.DESTROY,
    autoDeleteObjects: true,
});
s3EventsBucket.addEventNotification(EventType.OBJECT_CREATED, new SqsDestination(s3EventsQueue));
new CfnOutput(stack, 's3-events-bucket-name', {
    value: s3EventsBucket.bucketName,
});
const s3EventsCrawlerRole = new Role(stack, 's3-events-crawler-role', {
    assumedBy: new ServicePrincipal('glue.amazonaws.com'),
    managedPolicies: [
        ManagedPolicy.fromAwsManagedPolicyName('service-role/AWSGlueServiceRole'),
    ],
});
s3EventsBucket.grantRead(s3EventsCrawlerRole);
s3EventsCrawlerRole.addToPolicy(new PolicyStatement({
    effect: Effect.ALLOW,
    actions: [
        'sqs:DeleteMessage',
        'sqs:GetQueueUrl',
        'sqs:ListDeadLetterSourceQueues',
        'sqs:ReceiveMessage',
        'sqs:GetQueueAttributes',
        'sqs:ListQueueTags',
        'sqs:SetQueueAttributes',
        'sqs:PurgeQueue',
    ],
    resources: [
        s3EventsQueue.queueArn,
        s3EventsDlq.queueArn,
    ],
}));
const eventsCrawler = new CfnCrawler(stack, 'events-crawler', {
    databaseName: 'mydb',
    name: 's3-events-crawler',
    role: crawlerRole.roleName,
    schemaChangePolicy: {
        deleteBehavior: 'DELETE_FROM_DATABASE',
        updateBehavior: 'UPDATE_IN_DATABASE',
    },
    schedule: {
        scheduleExpression: Schedule.cron({ minute: '0', hour: '1' }).expressionString,
    },
    tablePrefix: 'eventscrawler',
    recrawlPolicy: {
        recrawlBehavior: 'CRAWL_EVENT_MODE',
    },
    configuration: JSON.stringify({
        Version: 1.0,
        CrawlerOutput: { Tables: { TableThreshold: 2 } },
        CreatePartitionIndex: true,
    }),
    targets: {
        s3Targets: [
            {
                path: `s3://${s3EventsBucket.bucketName}/`,
                exclusions: [],
                eventQueueArn: s3EventsQueue.queueArn,
                dlqEventQueueArn: s3EventsDlq.queueArn,
            },
        ],
    },
});

Possible Solution

No response

Additional Information/Context

I managed to create the crawler manually in AWS Web Console using the same queues, role, and bucket.

CDK CLI Version

2.1006.0 (build a3b9762)

Framework Version

2.185.0

Node.js Version

v22.13.1

OS

Linux

Language

TypeScript

Language Version

TypeScript 5.8.2

Other information

No response
@PatrikValkovic PatrikValkovic added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Mar 25, 2025
@github-actions github-actions bot added the @aws-cdk/aws-glue Related to AWS Glue label Mar 25, 2025
@PatrikValkovic
Copy link
Author

I am stupid, I used the wrong role.

@github-actions GitHub Actions
Copy link

Comments on closed issues and PRs are hard for our team to see.
If you need help, please open a new issue that references this one.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Mar 25, 2025
@pahud pahud added p3 and removed needs-triage This issue or PR still needs to be triaged. labels Mar 31, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
@aws-cdk/aws-glue Related to AWS Glue bug This issue is a bug. p3
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@pahud @PatrikValkovic