https://flyte.org logo
#flyte-deployment
Title
# flyte-deployment
l

Laura Lin

11/03/2023, 4:00 AM
How do you set up the AWS athena provider/plugin? I followed https://docs.flyte.org/en/latest/deployment/plugins/aws/athena.html#deployment-plugin-setup-aws-athena but I'm not sure what
Ensure that the propeller has the correct service account for Athena.
means
s

Samhita Alla

11/03/2023, 6:24 AM
Have you tried using the default service account? Are you seeing any error?
l

Laura Lin

11/03/2023, 3:17 PM
this is using the default service account
and yea,
Error when trying to reconcile workflow. Error [failed at Node[n0]. RuntimeExecutionError: failed during plugin execution, caused by: failed to execute handle for plugin [athena]: operation error Athena: StartQueryExecution, failed to sign request: failed to retrieve credentials: failed to retrieve credentials, operation error STS: AssumeRoleWithWebIdentity, https response error StatusCode: 400, RequestID: , api error InvalidIdentityToken: No OpenIDConnect provider found in your account for <https://oidc.eks.us-gov-west-1.amazonaws.com/id/>
k

Kevin Su

11/03/2023, 7:35 PM
need to update the role that propeller is using
give it the permission to access the athena
l

Laura Lin

11/03/2023, 7:37 PM
is that the AWS iam role? or the service account
k

Kevin Su

11/03/2023, 7:37 PM
aws Iam role
l

Laura Lin

11/03/2023, 7:37 PM
I added AmazonAthenaFullAccess to the iam-role-flyte. and still running into that issue. is there some weird refresh I need to do?
k

Kevin Su

11/03/2023, 7:39 PM
maybe try to restart the propeller
l

Laura Lin

11/03/2023, 7:39 PM
did that too and still saw the error
k

Kevin Su

11/03/2023, 8:05 PM
cc @Haytham Abuelfutuh
l

Laura Lin

11/03/2023, 8:43 PM
not really sure what other explicit perms I need to add.
also added AWSQuicksightAthenaAccess to get the
athena:StartQueryExecution
perms
k

Kevin Su

11/07/2023, 2:40 AM
does it work now?
l

Laura Lin

11/07/2023, 3:31 AM
yes
s

Samhita Alla

11/07/2023, 6:29 AM
@Laura Lin, mind creating an issue? If you could also contribute, that'd be amazing!