# 对启用 Spark 的工作组进行故障排除
<a name="notebooks-spark-troubleshooting-workgroups"></a>

可使用以下信息在 Athena 中对启用 Spark 的工作组进行故障排除。

## 使用现有 IAM 角色时，会话会停止响应
<a name="notebooks-spark-troubleshooting-workgroups-existing-role"></a>

如果您没有为启用 Spark 的工作组创建新的 `AWSAthenaSparkExecutionRole`，而是更新或选择了现有 IAM 角色，则会话可能会停止响应。在这种情况下，您可能需要向启用 Spark 的工作组执行角色添加以下信任和权限策略。

添加以下示例信任策略。该策略包含对执行角色进行混淆代理检查。将 `{{111122223333}}`、`{{aws-region}}` 和 `{{workgroup-name}}` 的值替换为您正在使用的 Amazon Web Services 账户 ID、Amazon Web Services 区域 和工作组。

------
#### [ JSON ]

****  

```
{
    "Version":"2012-10-17",		 	 	 
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "Service": "athena.amazonaws.com"
            },
            "Action": "sts:AssumeRole",
            "Condition": {
                "StringEquals": {
                    "aws:SourceAccount": "{{111122223333}}"
                },
                "ArnLike": {
                    "aws:SourceArn": "arn:aws:athena:{{us-east-1}}:{{111122223333}}:workgroup/{{workgroup-name}}"
                }
            }
        }
    ]
}
```

------

为启用笔记本的工作组添加类似于以下默认策略的权限策略。修改占位符 Amazon S3 位置和 Amazon Web Services 账户 ID，使其与您正在使用的位置和 ID 相对应。将 `amzn-s3-demo-bucket`、`{{aws-region}}`、`{{111122223333}}` 和 `{{workgroup-name}}` 的值替换为您正在使用的 Amazon S3 存储桶、Amazon Web Services 区域、Amazon Web Services 账户 ID 和工作组。

------
#### [ JSON ]

****  

```
{ "Version":"2012-10-17",		 	 	  "Statement": [ { "Effect": "Allow", "Action": [
    "s3:PutObject", "s3:ListBucket", "s3:DeleteObject", "s3:GetObject" ], "Resource": [
        "arn:aws:s3:::{{amzn-s3-demo-bucket}}/*",
        "arn:aws:s3:::{{amzn-s3-demo-bucket}}" ] }, { "Effect": "Allow",
    "Action": [ "athena:GetWorkGroup", "athena:CreatePresignedNotebookUrl",
    "athena:TerminateSession", "athena:GetSession", "athena:GetSessionStatus",
    "athena:ListSessions", "athena:StartCalculationExecution", "athena:GetCalculationExecutionCode",
    "athena:StopCalculationExecution", "athena:ListCalculationExecutions",
    "athena:GetCalculationExecution", "athena:GetCalculationExecutionStatus",
    "athena:ListExecutors", "athena:ExportNotebook", "athena:UpdateNotebook" ], "Resource":
            "arn:aws:athena:{{us-east-1}}:{{111122223333}}:workgroup/{{workgroup-name}}"
    }, { "Effect": "Allow", "Action": [ "logs:CreateLogStream", "logs:DescribeLogStreams",
    "logs:CreateLogGroup", "logs:PutLogEvents" ], "Resource": [
            "arn:aws:logs:{{us-east-1}}:{{111122223333}}:log-group:/aws-athena:*",
            "arn:aws:logs:{{us-east-1}}:{{111122223333}}:log-group:/aws-athena*:log-stream:*"
    ] }, { "Effect": "Allow", "Action": "logs:DescribeLogGroups", "Resource":
            "arn:aws:logs:{{us-east-1}}:{{111122223333}}:log-group:*"
    }, { "Effect": "Allow", "Action": [ "cloudwatch:PutMetricData" ], "Resource": "*", "Condition":
    { "StringEquals": { "cloudwatch:namespace": "AmazonAthenaForApacheSpark" } } } ] }
```

------