Troubleshooting permissions while connecting SageMaker to EMR Cluster

Question

Troubleshooting permissions while connecting SageMaker to EMR Cluster

Closed this issue a month ago · 3 comments

aiqc commented a month ago

Question

How can I authorize my SageMaker Studio notebook to connect to my EMR Cluster?

Other Details

https://stackoverflow.com/questions/78962340/sagemaker-emr-cluster-select-emr-runtime-role-for-cluster

Answer 1 · 2024-09-08T19:46:42.000Z

Within domain configuration, I found where the SageMaker user's EMR Assumable Role and EMR Execution Role attributes can be defined.

However, it is not clear what ARN values I should be using. Nor am I able to get the spark context working in either kernel (Glue PySpark, SparkMagic PySpark)

Answer 2 · 2024-09-08T20:46:23.000Z

I added glue to the list of services in the custom allowable policy example of the documentation and now the SparkMagic PySpark connection in the notebook works as expected. https://docs.aws.amazon.com/emr/latest/EMR-Serverless-UserGuide/getting-started.html#gs-runtime-role

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "EMRServerlessTrustPolicy",
            "Effect": "Allow",
            "Principal": {
                "Service": [
                    "emr-serverless.amazonaws.com", #<-- the only entry in documentation
                    "glue.amazonaws.com"                   #<-- I added this entry
                ]
            },
            "Action": "sts:AssumeRole"
        }
    ]
}

Maybe that fixed it? I don't know. This was supposed to be a fun thing to explore on Friday morning, but now it's Sunday night.

Answer 3 · 2024-09-09T13:44:50.000Z

Closing this because I don't need help, but it is a pain point for sure