https://flyte.org logo
Join Slack
Powered by
How do you set up the AWS athena provider/plugin? ...
# flyte-deployment
l
How do you set up the AWS athena provider/plugin? I followed https://docs.flyte.org/en/latest/deployment/plugins/aws/athena.html#deployment-plugin-setup-aws-athena but I'm not sure what 
Ensure that the propeller has the correct service account for Athena.
means
s
Have you tried using the default service account? Are you seeing any error?
l
this is using the default service account
and yea, 
Error when trying to reconcile workflow. Error [failed at Node[n0]. RuntimeExecutionError: failed during plugin execution, caused by: failed to execute handle for plugin [athena]: operation error Athena: StartQueryExecution, failed to sign request: failed to retrieve credentials: failed to retrieve credentials, operation error STS: AssumeRoleWithWebIdentity, https response error StatusCode: 400, RequestID: , api error InvalidIdentityToken: No OpenIDConnect provider found in your account for <https://oidc.eks.us-gov-west-1.amazonaws.com/id/>
k
need to update the role that propeller is using
give it the permission to access the athena
l
is that the AWS iam role? or the service account
k
aws Iam role
l
I added AmazonAthenaFullAccess to the iam-role-flyte. and still running into that issue. is there some weird refresh I need to do?
k
maybe try to restart the propeller
l
did that too and still saw the error
k
cc @Haytham Abuelfutuh
l
not really sure what other explicit perms I need to add.
also added AWSQuicksightAthenaAccess to get the 
athena:StartQueryExecution
perms
k
does it work now?
l
yes
s
@Laura Lin, mind creating an issue? If you could also contribute, that'd be amazing!
17 Views
Open in Slack
PreviousNext
Powered by