Loom overview

how to troubleshoot AWS permission errors

If you’re getting errors like the one below, the Policy JSON is most likely wrong. Here’s my advice on how to debug.

Please ensure the external volume has privileges to [write files to, list files in] the active storage location

  1. Wherever possible, avoid quotes, especially double quotes.
  2. Use a folder path prefix, /, even though it says it’s optional. This way you can use the guide and included policy wholesale instead of granting access to the entire bucket with * and having to keep modifications in your head.
  3. the guide mentions that you can give Snowflake access to the entire bucket instead of specify the entire bucket * instead of
  4. Add STORAGE_AWS_EXTERNAL_ID to your EXTERNAL VOLUME DDL so you don’t have to modify the IAM Role’s Trust Relationship after every CREATE EXTERNAL VOLUME
  5. Edit the existing policy directly. AWS Policies store revisions as “versions”, so rather than creating new policies and pointing the role to them, just edit in place; you can always roll back.
  6. Be very careful in the policy JSON about how Resource names terminate
    1. For the Object permissions (Put, Get and Delete), the Resource should
      1. both bucket name and prefix name
      2. end with /* as in
    2. For the Bucket permissions (List and Get Location):
      1. the Resource is just the bucket name, and
      2. the s3:prefix condition should be the prefix with a wildcard
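
The termination rules in item 6 can be checked mechanically. The linter below is an added example, not code from the gist or from Snowflake; the bucket `my-bucket`, the prefix `iceberg`, both sample policies, and the use of a `StringLike` condition on `s3:prefix` are assumptions, and it flags any Resource that deviates from the exact shape described above, including broader grants.

```python
# Added example: names (my-bucket, iceberg) and both policies are constructed.
OBJECT_ACTIONS = {"s3:PutObject", "s3:GetObject", "s3:GetObjectVersion",
                  "s3:DeleteObject", "s3:DeleteObjectVersion"}
BUCKET_ACTIONS = {"s3:ListBucket", "s3:GetBucketLocation"}

def as_list(value):
    """IAM accepts either one value or a list; normalise to a list."""
    if value is None:
        return []
    return [value] if isinstance(value, (str, dict)) else list(value)

def lint_policy(policy, bucket, prefix):
    """Return findings where a Resource or s3:prefix ends the wrong way."""
    prefix = prefix.strip("/")
    bucket_arn = f"arn:aws:s3:::{bucket}"
    object_arn = f"{bucket_arn}/{prefix}/*"
    findings = []
    for n, stmt in enumerate(as_list(policy.get("Statement"))):
        actions = set(as_list(stmt.get("Action")))
        resources = as_list(stmt.get("Resource"))
        if actions & OBJECT_ACTIONS:  # needs bucket + prefix, ending in /*
            findings += [f"stmt {n}: object Resource {r!r}, expected {object_arn!r}"
                         for r in resources if r != object_arn]
        if actions & BUCKET_ACTIONS:  # needs the bare bucket ARN
            findings += [f"stmt {n}: bucket Resource {r!r}, expected {bucket_arn!r}"
                         for r in resources if r != bucket_arn]
            cond = stmt.get("Condition", {}).get("StringLike", {}).get("s3:prefix")
            if cond is not None and f"{prefix}/*" not in as_list(cond):
                findings.append(f"stmt {n}: s3:prefix {cond!r}, expected '{prefix}/*'")
    return findings

def make_policy(object_res, bucket_res, list_prefix):
    """Build the two-statement policy shape the list above describes."""
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": sorted(OBJECT_ACTIONS), "Resource": object_res},
        {"Effect": "Allow", "Action": sorted(BUCKET_ACTIONS), "Resource": bucket_res,
         "Condition": {"StringLike": {"s3:prefix": [list_prefix]}}}]}

GOOD = make_policy("arn:aws:s3:::my-bucket/iceberg/*", "arn:aws:s3:::my-bucket", "iceberg/*")
# Typical slips: no /* on the object ARN, /* on the bucket ARN, bare prefix.
BAD = make_policy("arn:aws:s3:::my-bucket/iceberg", "arn:aws:s3:::my-bucket/*", "iceberg")

if __name__ == "__main__":
    for line in lint_policy(BAD, "my-bucket", "iceberg"):
        print(line)
```

To check a real policy, load its JSON document with `json.load` and pass the resulting dict together with your own bucket and prefix.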

challenges

naming with double quotes

Maybe I’m a Snowflake newb, but….

I’m 95% certain that I created an External Volume that literally had " in the object name. Renaming with _ instead of - solved this problem for me.

Also! BASE_LOCATION="" is different from BASE_LOCATION=''. It must be single-quoted or else Snowflake will make a literal directory called "".

troubleshooting sucked with remapping external ID every time

once I added the STORAGE_AWS_EXTERNAL_ID to the CREATE EXTERNAL VOLUME statement, my debug iterations got faster

Overloaded Terms

The error I think comes down to a struggle to disambiguate paths of things etc

  • AWS Resource Identifiers within AWS IAM Policy JSON
  • EXTERNAL VOLUME's STORAGE_BASE_URL
    • should:
      • include the bucket prefix, and
      • not include a terminating / or * wildcard
    • docs give a terminal slash in the example; maybe it doesn’t matter
      • STORAGE_BASE_URL = 's3://*bucket*[/*path*/]'
  • CREATE ICEBERG TABLE’s BASE_LOCATION is ''

so many different docs!