terraform-provider-aws

[Bug]: error 400 when getting glue connection

Open cristian98149 opened this issue 2 months ago • 1 comments

Terraform Core Version

1.10.0

AWS Provider Version

5.78.0

Affected Resource(s)

I've a resource data for an aws_glue_connection.

During terraform plan I get the error:

Error: listing tags for Glue Connection (arn:aws:glue:REGION:ACCOUNT_ID:connection/CONNECTION_NAME): operation error Glue: GetTags, https response error StatusCode: 400, RequestID: fd918e46-d40f-43c7-bf8e-4725c936e4d0, api error AccessDeniedException: User: arn:aws:iam::ACCOUNT_ID:user/USERNAME is not authorized to perform: glue:GetConnection on resource: arn:aws:glue:REGION:ACCOUNT_ID:catalog with an explicit deny in an identity-based policy

My IAM policy is configured in this way:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor1",
            "Effect": "Allow",
            "Action": "glue:GetConnection",
            "Resource": "*"
        }
    ]
}

If I try to get the glue connection using AWS CLI with the same user, no error is given and I'm able to see the details for that connection.

Also, if I give admin permissions to the user, the error doesn't happen.

Expected Behavior

Get Glue Connection info.

Actual Behavior

During terraform plan I get the error:

Error: listing tags for Glue Connection (arn:aws:glue:REGION:ACCOUNT_ID:connection/CONNECTION_NAME): operation error Glue: GetTags, https response error StatusCode: 400, RequestID: fd918e46-d40f-43c7-bf8e-4725c936e4d0, api error AccessDeniedException: User: arn:aws:iam::ACCOUNT_ID:user/USERNAME is not authorized to perform: glue:GetConnection on resource: arn:aws:glue:REGION:ACCOUNT_ID:catalog with an explicit deny in an identity-based policy

Relevant Error/Panic Output Snippet

Error: listing tags for Glue Connection (arn:aws:glue:REGION:ACCOUNT_ID:connection/CONNECTION_NAME): operation error Glue: GetTags, https response error StatusCode: 400, RequestID: fd918e46-d40f-43c7-bf8e-4725c936e4d0, api error AccessDeniedException: User: arn:aws:iam::ACCOUNT_ID:user/USERNAME is not authorized to perform: glue:GetConnection on resource: arn:aws:glue:REGION:ACCOUNT_ID:catalog with an explicit deny in an identity-based policy

Terraform Configuration Files

data "aws_glue_connection" "main" {
  id = "<AWS_ACCOUNT_ID>:<GLUE_CONNECTION_NAME>"
}

Steps to Reproduce

Plan a tf file with the resource reported above.

Debug Output

No response

Panic Output

No response

Important Factoids

No response

References

No response

Would you like to implement a fix?

None

cristian98149 Dec 06 '24 11:12
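An added example, not part of the issue or the provider's code: a simplified identity-based policy evaluator run over the policy as posted, showing that it allows `glue:GetConnection` but never mentions `glue:GetTags` (the operation named in the error), and that any explicit `Deny` matching the catalog ARN overrides the `Allow`. The `Deny` statement and the names `evaluate`, `POSTED` and `HYPOTHETICAL_DENY` are constructed for illustration; conditions, SCPs and permission boundaries are ignored.

```python
import re

def _wild(pattern, value, ignore_case=False):
    """IAM-style wildcard match: '*' is any run of characters, '?' is one character."""
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, value, re.I if ignore_case else 0) is not None

def _listify(v):
    return v if isinstance(v, list) else [v]

def evaluate(policies, action, resource):
    """Return (decision, matching Sids) for one request against identity-based policies.

    Simplified: Condition, NotAction, NotResource, SCPs, permission boundaries and
    resource-based policies are ignored.
    """
    allows, denies = [], []
    for doc in policies:
        for st in _listify(doc["Statement"]):
            # Action names are case-insensitive; ARNs are matched case-sensitively.
            if not any(_wild(a, action, True) for a in _listify(st.get("Action", []))):
                continue
            if not any(_wild(r, resource) for r in _listify(st.get("Resource", []))):
                continue
            (denies if st["Effect"] == "Deny" else allows).append(st.get("Sid", "<no Sid>"))
    if denies:
        return "explicitDeny", denies   # an explicit Deny always wins over any Allow
    if allows:
        return "allowed", allows
    return "implicitDeny", []           # nothing matched: denied by default

# The policy as posted in the issue.
POSTED = {"Version": "2012-10-17", "Statement": [
    {"Sid": "VisualEditor1", "Effect": "Allow", "Action": "glue:GetConnection", "Resource": "*"}]}

# Constructed for illustration: a second policy attached to the same user (hypothetical).
HYPOTHETICAL_DENY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "HypotheticalDeny", "Effect": "Deny", "Action": "glue:Get*",
     "Resource": "arn:aws:glue:REGION:ACCOUNT_ID:catalog"}]}

CATALOG = "arn:aws:glue:REGION:ACCOUNT_ID:catalog"
CONNECTION = "arn:aws:glue:REGION:ACCOUNT_ID:connection/CONNECTION_NAME"

if __name__ == "__main__":
    for pols in ([POSTED], [POSTED, HYPOTHETICAL_DENY]):
        for act, res in (("glue:GetConnection", CATALOG), ("glue:GetTags", CONNECTION)):
            print(len(pols), "policy document(s):", act, "->", evaluate(pols, act, res))
```

To audit a real user, pass every policy document attached to the user and its groups in place of the two sample documents and look at the Sids returned with `explicitDeny`.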