How do I troubleshoot errors when I import data into my Amazon SageMaker Studio using SageMaker Data Wrangler?

I'm getting errors when I try to import data from Amazon Simple Storage Service (Amazon S3) or Amazon Athena using Amazon SageMaker Data Wrangler.

Resolution

Lifecycle permission error

When you try to import data from Amazon Athena into Data Wrangler, you might get the following error:

S3LifecyclePermissionError: You don't have permission to read expiration rules from the bucket that you specified.

This error occurs because the SageMaker execution role associated with the user profile doesn't have the required permissions to access the Amazon S3 Lifecycle configurations for managing data retention and expiration.

To resolve this error, add the following AWS Identity and Access Management (IAM) policy to the SageMaker execution role (for example, AmazonSageMaker-ExecutionRole-xxxxxxxxxxxxxxx):

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "LifecycleConfig",
      "Effect": "Allow",
      "Action": [
        "s3:GetLifecycleConfiguration",
        "s3:PutLifecycleConfiguration"
      ],
      "Resource": "*"
    }
  ]
}

For Resource, instead of "*", you can include only those Region-specific buckets that must be accessed. The s3:GetLifecycleConfiguration action permits the GetBucketLifecycleConfiguration API operation, which returns the lifecycle configuration information set on the bucket. The s3:PutLifecycleConfiguration action permits PutBucketLifecycleConfiguration, which creates a new Lifecycle configuration for the bucket.

Access denied error

You might get the following error when you run a processing job with unencrypted output settings.

com.amazonaws.services.s3.model.AmazonS3Exception: Access Denied

You might get this error for the following reasons:

  • The SageMaker execution role doesn't have the required permissions to perform S3 operations.
  • Either the S3 bucket policy or Amazon Virtual Private Cloud (Amazon VPC) endpoint policy has explicitly denied permissions for PutObject. This might be the case if you enforced only encrypted connections to the S3 bucket by providing a specific AWS Key Management Service (AWS KMS) key.

To resolve this error, do the following:

  • Check that the SageMaker execution role has at least the following minimum permissions for S3 bucket operations:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetObject",
        "s3:PutObject",
        "s3:ListBucket",
        "s3:CreateBucket"
      ],
      "Resource": [
        "arn:aws:s3:::sagemaker-us-east-1-1111222233334444",
        "arn:aws:s3:::sagemaker-us-east-1-1111222233334444/*"
      ]
    }
  ]
}
  • Be sure that the S3 bucket policy or VPC endpoint policy doesn't explicitly deny the required permissions for S3 operations.
  • Consider passing to the processing job an AWS KMS key that allows it to decrypt objects in the S3 bucket that the data is imported from.
  • Consider using a different S3 bucket for importing your data, one that's encrypted at rest using Amazon S3 server-side encryption.
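
One way to run the explicit-deny check from the list above against a bucket policy or VPC endpoint policy saved as JSON. This is an added example, not AWS-provided code; the function names, the sample policy, and the bucket name example-bucket are constructed for illustration. It inspects only Action/NotAction on Deny statements and reports each statement's Condition; it doesn't evaluate Resource or Principal.

```python
import fnmatch
import json

# The S3 actions that the minimum execution-role policy on this page grants.
REQUIRED = ["s3:GetObject", "s3:PutObject", "s3:ListBucket", "s3:CreateBucket"]

def _as_list(value):
    """IAM allows a single string or a list for Action, NotAction, and Statement."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def _matches(patterns, action):
    # Action names are case-insensitive; "*" and "?" are wildcards.
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)

def find_explicit_denies(policy, actions=REQUIRED):
    """Return (sid, action, condition) for every Deny statement covering an action."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Deny":
            continue
        sid = stmt.get("Sid", f"statement[{i}]")
        for action in actions:
            if "NotAction" in stmt:  # Deny applies to everything except NotAction
                hit = not _matches(_as_list(stmt["NotAction"]), action)
            else:
                hit = _matches(_as_list(stmt.get("Action")), action)
            if hit:
                findings.append((sid, action, stmt.get("Condition", {})))
    return findings

# Constructed sample: a bucket policy that denies uploads not using SSE-KMS.
SAMPLE_BUCKET_POLICY = json.loads("""
{"Version": "2012-10-17",
 "Statement": [
  {"Sid": "DenyUnencryptedUploads", "Effect": "Deny", "Principal": "*",
   "Action": "s3:PutObject", "Resource": "arn:aws:s3:::example-bucket/*",
   "Condition": {"StringNotEquals": {"s3:x-amz-server-side-encryption": "aws:kms"}}},
  {"Sid": "DenyDeletes", "Effect": "Deny", "Principal": "*",
   "Action": "s3:Delete*", "Resource": "arn:aws:s3:::example-bucket/*"}
 ]}
""")

if __name__ == "__main__":
    for sid, action, condition in find_explicit_denies(SAMPLE_BUCKET_POLICY):
        print(f"{sid}: denies {action} when {json.dumps(condition) or 'always'}")
```

A Deny statement with a Condition applies only when that condition matches the request, so a finding like the one in the sample means that the processing job's output must be written with the encryption setting that the policy expects.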

AWS OFFICIAL
Updated a year ago