[Flyte on AWS issue] Hey all, have a naive questio...
# ask-the-community
[Flyte on AWS issue] Hey all, have a naive question, which folks here might be able to answer quickly. I’m running
`flytectl register files --project flytesnacks --domain development --archive flyte-package.tgz --version v1`
to run the example flyte wf on flyte in my AWS cluster, but root issue: Flyteadmin is having an issue registering workflows, it’s giving me:
400, request id: 4f2d416c-94bb-40dd-9972-e89e7d9cb0db and base container: s3://<my s3 bucket name>","ts":"2022-08-11T14:20:02-04:00"}
what I think is missing: I think this is an access issue. I have an S3 bucket with an IAM managed policy allowing access to all S3 operations, and then I associate the policy with the Flyte system role I created here https://docs.flyte.org/en/latest/deployment/aws/manual.html#flyte-system-role. I think that’s all the necessary setup needed; but I’m unclear how Flyteadmin actually associates the role as we don’t specify that anywhere. Does anyone know how to resolve this or any other tips?
ohh you need to add it to the flyteadmin service account
cc @Yee / @Prafulla Mahindrakar check this - I think we should just have one role for the entire system
Hey that makes sense. I created the service accounts using IaC so the names were different. I changed the names everywhere iam-role-flyte appears but it still doesn’t work. Any other tips?
That should already be added if you have used this values file https://github.com/flyteorg/flyte/blob/master/charts/flyte-core/values-eks.yaml#L24 @allen Can you check the annotation on the service account?
We have segregated into just two roles: one system role for flyte pods and another for user pods.
Ohh my bad
Thanks guys that makes sense. I had to change the names since they were different for my config. What is the EKS Cluster role and IAM NodeRole for Flyte useful for? Are they strictly necessary?
Hi @allen those are base roles required on an Amazon EKS cluster: https://docs.aws.amazon.com/eks/latest/userguide/create-node-role.html https://docs.aws.amazon.com/eks/latest/userguide/service_IAM_role.html and it’s not specific to flyte deployments. We included that as part of the flyte aws docs to make it self-sufficient.