I am getting an error when I call get_execution_role() from sagemaker in Python. I have attached the error for the same.
I have added the SagemakerFullAccess Policy to both the role and the user.
As a managed service, Amazon SageMaker performs operations on your behalf on the AWS hardware that is managed by SageMaker. SageMaker can perform only operations that the user permits. A SageMaker user can grant these permissions with an IAM role (referred to as an execution role).
I Am Not Authorized to Perform an Action in SageMaker
If the AWS Management Console tells you that you're not authorized to perform an action, then you must contact your administrator for assistance. Your administrator is the person that provided you with your user name and password.
Sign in to the AWS Management Console and open the IAM console at https://console.aws.amazon.com/iam/. In the left navigation pane, choose Roles. Choose Create role. For role type, choose AWS Service, find and choose SageMaker, and then choose the SageMaker - Execution use case.
Amazon SageMaker is a managed service in the Amazon Web Services (AWS) public cloud. It provides the tools to build, train and deploy machine learning (ML) models for predictive analytics applications. The platform automates the tedious work of building a production-ready artificial intelligence (AI) pipeline.
get_execution_role() is a function helper used in the Amazon SageMaker Examples GitHub repository.
These examples were made to be executed from the fully managed Jupyter notebooks that Amazon SageMaker provides.
From inside these notebooks, get_execution_role() will return the IAM role name that was passed in as part of the notebook creation. That allows the notebook examples to be executed without code changes.
From outside these notebooks, get_execution_role() will return an exception because it does not know the role name that SageMaker requires.
To solve this issue, pass the IAM role name instead of using get_execution_role().
Instead of:
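from sagemaker import KMeans, get_execution_role

# Only resolves a role when run inside a SageMaker notebook instance
role = get_execution_role()
kmeans = KMeans(role=role,
                train_instance_count=2,
                train_instance_type='ml.c4.8xlarge',
                output_path=output_location,
                k=10,
                data_location=data_location)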
you need to do:
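from sagemaker import KMeans

# Name the IAM role explicitly instead of calling get_execution_role()
role = 'role_name_with_sagemaker_permissions'
kmeans = KMeans(role=role,
                train_instance_count=2,
                train_instance_type='ml.c4.8xlarge',
                output_path=output_location,
                k=10,
                data_location=data_location)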
I struggled with this for a while, and there are a few different pieces, but I believe these are the steps to solve it (according to this doc).
You must add a role to your aws config file. Go to terminal and enter:
~/.aws/config
Add your own profile
[profile marketingadmin]
role_arn = arn:aws:iam::123456789012:role/marketingadmin
source_profile = default
Then Edit Trust Relationships in the AWS Dashboard:
add this and update:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "sagemaker.amazonaws.com",
        "AWS": "arn:aws:iam::XXXXXXX:user/YOURUSERNAME"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
Lastly, I clicked the link that says
Give this link to users who can switch roles in the console
After adding my credentials - it worked.
Thanks for trying out SageMaker!
The exception you are seeing already suggests the reason. The credentials you are using are not role credentials but most likely a user's. The format of 'user' credentials will look like:
'arn:aws:iam::accid:user/name' as opposed to a role: 'arn:aws:iam::accid:role/name'
Hope this helps!
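The two checks the answers above rely on (is the caller ARN a user or a role, and does the role's trust policy let sagemaker.amazonaws.com assume it) can be run offline before starting a job. This is an added example, not code from the posts or from the SageMaker SDK; the function names are hypothetical, and the ARN you feed in is assumed to be the one reported by `aws sts get-caller-identity`.

```python
import json
import re

# ARN shapes a caller identity can take: IAM user, IAM role, or an
# assumed-role session (arn:aws:sts::<acct>:assumed-role/<role>/<session>).
_ARN = re.compile(
    r"^arn:(?P<partition>aws[\w-]*):(?P<svc>iam|sts)::(?P<acct>\d{12}):"
    r"(?P<kind>user|role|assumed-role)/(?P<rest>.+)$"
)

def execution_role_arn(caller_arn):
    """Return the IAM role ARN behind caller_arn; raise if it is a user."""
    m = _ARN.match(caller_arn)
    if not m:
        raise ValueError(f"unrecognised ARN: {caller_arn!r}")
    if m["kind"] == "user":
        raise ValueError("caller is an IAM user, not a role; pass a role ARN explicitly")
    if m["kind"] == "role":
        return caller_arn
    # assumed-role: drop the session name. The role path is not present in
    # an assumed-role ARN, so this is exact only for roles without a path.
    role_name = m["rest"].split("/")[0]
    return f"arn:{m['partition']}:iam::{m['acct']}:role/{role_name}"

def sagemaker_can_assume(trust_policy):
    """True if an Allow statement lets sagemaker.amazonaws.com call sts:AssumeRole.

    Condition blocks are not evaluated here.
    """
    doc = json.loads(trust_policy) if isinstance(trust_policy, str) else trust_policy
    stmts = doc.get("Statement", [])
    if isinstance(stmts, dict):
        stmts = [stmts]
    for s in stmts:
        if s.get("Effect") != "Allow":
            continue
        actions = s.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        principal = s.get("Principal", {})
        services = principal.get("Service", []) if isinstance(principal, dict) else []
        services = [services] if isinstance(services, str) else services
        if "sts:AssumeRole" in actions and "sagemaker.amazonaws.com" in services:
            return True
    return False
```

A user ARN fails fast with a clear message, and a role whose trust policy lists only an `AWS` principal is reported as not assumable by SageMaker.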