Hey, After creating new custom docker image I’m getting permission denied for the S3 script, any idea what I’ve probably missed in the custom image that I should add?

You are getting an access denied on the ListObjectsV2 operation, you can check that: • The pod is getting annotated with the IAM role that you are expecting • That role has the correct policy in place to access the bucket and it's objects The image itself shouldn't matter because the role is getting assumed by the pod, but possibly you have hard-coded credentials in your image which are overriding it..

@tall-ram-83532 So I’ve actually added

RUN sudo useradd -u 1001 flytekit
RUN sudo chown flytekit: /root
USER flytekit

To the end of my docker image as I saw the image below but now I’m seeing another error (test_flow error) - my file name is test_flow

Looks like it's still "Access Denied"... Make sure that the pod that runs the actual task has permissions to the bucket: 1. Verify the actual role that the pod is supposed to be getting. You can do this for pods which have already finished as well, if you have access to kubectl for the cluster. 2. Go to AWS Console -> IAM -> roles and find the role. Look carefully at the policy associated with it, and make sure that it has the "ListObjectsV2" permission for the bucket.

Hello everyone, is there any update on this thread? I am having the very same issue in my deployment.

Hi @future-grass-29161, have you checked the role of the pod and the policy of that role?

Hi @tall-ram-83532, no, I have not checked the role of the pod. because a. it's an on-prem installation, so I am using MinIo. b. I have already verified that the MinIo is accessible from simple python code with Boto3 library (with pwd based authentication). So, it's unlikely that the role or the policy could be an issue here.

Oh ok, not sure I can be much help then, I'm not familiar with MinIo..

no worries. thanks for trying 🙂