AWS EMR - EMR_DefaultRole has insufficient EC2 permissions

Question

I'm trying to create a new EMR cluster (tried emr-5.30.0 and emr-6.0.0 versions) but I'm receiving the validation message error: "Terminated with errorsService role EMR_DefaultRole has insufficient EC2 permissions".

I've tried this workaround https://aws.amazon.com/premiumsupport/knowledge-center/emr-default-role-invalid/ recreating the default roles for EMR but the validation message error still happening.

Any guidance or recommendations on how to resolve this issue are much appreciated!

Thank you

Answer 1

Based on https://forums.aws.amazon.com/message.jspa?messageID=947039

for me it was very helpful troubleshooting via AWS CloudTrail:

1. Navigate to the Cloudtrail console: https://console.aws.amazon.com/cloudtrail/

2. Click on Event History tab

3. Then use filter as Event Source and in Time range select the timestamp during cluster launch.

4. From the buttons on Right side, click on the Gear Icon, which is for Show/Hide columns and select the Error Code column check box.

Once all the above is done, go through the list of events and expand the one which has an ErrorCode like AccessDenied, Client.UnauthorizedOperation or any other exception.

Once you know which API call is being denied, you can then investigate further regarding the same.