amazon web services - S3 to Redshift : Copy with Access Denied -


we used copy files s3 redshift using copy command every day, bucket no specific policy.

copy schema.table_staging      's3://our-bucket/x/yyyy/mm/dd/'      credentials 'aws_access_key_id=xxxxxx;aws_secret_access_key=xxxxxx'      csv      gzip      delimiter '|'      timeformat 'yyyy-mm-dd hh24:mi:ss';

as needed improve security of our s3 bucket, added policy authorize connections either our vpc (the 1 use our redshift cluster) or specific ip address.

{ "version": "2012-10-17", "id": "s3policyid1", "statement": [     {         "sid": "denyallexcept",         "effect": "deny",         "principal": "*",         "action": "s3:*",         "resource": [             "arn:aws:s3:::our-bucket/*",             "arn:aws:s3:::our-bucket"         ],         "condition": {             "stringnotequalsifexists": {                 "aws:sourcevpc": "vpc-123456789"             },             "notipaddressifexists": {                 "aws:sourceip": [                     "12.35.56.78/32"                 ]             }         }     } ] }

this policy works accessing files ec2, emr or our specific address using aws cli or boto python library.

here error have on redshift :

error: s3serviceexception:access denied,status 403,error accessdenied,rid xxxxxx,canretry 1 détail :  ----------------------------------------------- error:  s3serviceexception:access denied,status 403,error accessdenied,rid xxxxxx,canretry 1 code:      8001 context:   listing bucket=our-bucket prefix=x/yyyy/mm/dd/ query:     1587954 location:  s3_utility.cpp:552 process:   padbmaster [pid=21214] -----------------------------------------------

many in advance if can on this,

damien

ps : question quite similar 1 : copying data s3 redshift - access denied

you need use 'enhanced vpc routing' feature of redshift. documentation here:

  1. when use amazon redshift enhanced vpc routing, amazon redshift forces copy , unload traffic between cluster , data repositories through amazon vpc.

  2. if enhanced vpc routing not enabled, amazon redshift routes traffic through internet, including traffic other services within aws network.

  3. for traffic amazon s3 bucket in same region cluster, can create vpc endpoint direct traffic directly bucket.


Comments

Post a Comment

Popular posts from this blog

asynchronous - C# WinSCP .NET assembly: How to upload multiple files asynchronously -

i using winscp .net assembly uploading files. want upload multiple files asynchronous way. have created method works single upload. public class uploadingdata { private sessionoptions _sessionoptions; private session _session; //connection etc private void onconnected() { foreach (var fileinfo in localfileslist) { var task = task.factory.startnew(() => uploadfilesasync(fileinfo)); } } private async task uploadfilesasync(string file) { string remotefilepath = _session.translatelocalpathtoremote(file, @"/", "/test_data_upload"); var uploading = _session.putfiles(file, remotefilepath, false); //when done await task.run(() => thread.sleep(1000)); } } please suggest me correct way. thanks you can use backgroundworker class this: string[] images = new string[50]; foreach (var path in images) { backgroundworker
Read more

aws api gateway - SerializationException in posting new Records via Dynamodb Proxy Service in API -

i getting "__type": "com.amazon.coral.service#serializationexception" as reply in postman & in test console in api gateway trying post record directly dynamodb using api proxy services.. referring aws article - https://aws.amazon.com/blogs/compute/using-amazon-api-gateway-as-a-proxy-for-dynamodb/ here's mapping { "tablename": "tablenamegoeshere", "item": { "id" : "$context.requestid" "eventname" : "$input.path('$.eventname')", "timestamp" : $input.path('$.timestamp'), "answers": "$util.parsejson($input.path('$.answers'))" } } update: did asked ... , worked if try add array of json objects gives me above same error - here's trying now. please - couldnt find on google well #set($inputroot = $input.path('$')) { "tablename": "answer", "item": {
Read more

asp.net - Problems sending emails from forum -

i have been redesigning site has message board, has been written guy looked after site. it has few problems , written in .asp , uses .mdb files database. you can see whole thing here . feel free post if helps, test thing have set using original files , new database. the basic problem when posts message, supposed email sent them, have posted it. when replies, originator supposed message, replier has been posted. i’d have thought @ point in process there should script/file in postmessage.asp? the postmessage.asp page below. <% option explicit %> <!-- #include virtual="common/adovbs.inc" --> <html> <head> <meta http-equiv="content-type" content="text/html; charset=windows-1252"> <meta name="generator" content="microsoft frontpage 4.0"> <meta name="progid" content="frontpage.editor.document"> <title>new page 2</title> <base target="_self"
Read more