问题

以三角湖格式写数据Frame内容到S3位置可引起错误:

com.amazonaws.services.s3.model.AmazonS3Exception: Forbidden (Service: Amazon S3!状态代码: 403错误代码403禁止请求身份证C827672D85516BA9S3扩展请求ID

因果

A级写入三角洲湖格式操作需要权限,而其他文件格式则不需要权限三角湖需要创建delta_log目录上头写入操作也需要检查最新版本的验收日志需要为IMM和桶角色添加额外权限以使写操作成功完成

求解

添加下列权限允许写Delta表

1. 添加权限IAM策略JSON

   ["s3:PutObject","s3:DeleteObject", "s3:ListBucket", "s3:GetObject", "s3: PutObjectAcl"]

2. 添加这些权限到桶策略JSON

   ["s3:GetObject","s3:GetObjectVersion","s3:PutObject","s3:DeleteObject","s3:ListBucket","s3:GetBucketLocation"]

或用JSON格式使用IAM策略添加权限,如下表显示:

{    "Version": "2012-10-17",    "Statement": [      {        "Sid": "VisualEditor0",        "Effect": "Allow",        "Action": "s3:ListBucket",        "Resource": "arn:aws:s3:::my-bucket"      },      {        "Sid": "VisualEditor1",        "Effect": "Allow",        "Action": [            "s3:PutObject",            "s3:GetObject",            "s3:DeleteObject",            "s3:PutObjectAcl"          ],      "Resource": "arn:aws:s3:::my-bucket/subfolder/*"      }    ]  }