https://flyte.org logo
Join Slack
Powered by
Been struggling with s3 PutObject access denied is...
# flyte-support
s
Been struggling with s3 PutObject access denied issue for days now (@thankful-minister-83577 I’m posting a new one here because the existing Slack thread won’t load for me for some reason). Any idea why having a service account with the 
flyte-user-role
(which has full s3 access) attached as an annotation still gives me PutObject access denied error?
f
@sticky-angle-28419 what do you mean by attached as an annotation?
are you using IAM for ServiceACcounts in AWS
or using kIAM?
s
I’m using IAM for ServiceAccounts in AWS. And so my SA looks like this
Copy code
apiVersion: v1
imagePullSecrets:
- name: gcr-json-key
kind: ServiceAccount
metadata:
  annotations:
    <http://eks.amazonaws.com/role-arn|eks.amazonaws.com/role-arn>: arn:aws:iam::xxx:role/flyte-user-role
  name: flyte-executor
  namespace: shelly-robotics-bipedal-robot-development
f
did you pass the service-account when you execute,
from launch-form, set the value
s
Yes
As per @thankful-minister-83577’s suggestion, I created a temporary pod in the same namespace and exec’d into the pod and ran aws cli command to add something to a bucket and it worked fine, but it won’t work from the dashboard
f
hmm
that is odd
how can i help in that?
s
message has been deleted
It is really strange - seems like this should work
f
just ensure that your pod did infact get the account
ohh one last thing can be, version of aws cli
or try using fsspec plugin
s
aws cli?
f
that is installed in your dockerfile
s
You mean a version mismatch?
f
ya for aws oidc you need a newer version maybe
s
hmm
OK I’ll check that out - thanks
161 Views
Open in Slack
PreviousNext
Powered by