Channels
#ask-the-community
Title
s
seunggs
09/23/2022, 12:24 AMBeen struggling with s3 PutObject access denied issue for days now (@Yee I’m posting a new one here because the existing Slack thread won’t load for me for some reason). Any idea why having a service account with the
flyte-user-rolek
Ketan (kumare3)
09/23/2022, 12:35 AM
@seunggs what do you mean by attached as an annotation?
are you using IAM for ServiceACcounts in AWS
or using kIAM?
s
seunggs
09/23/2022, 12:37 AMI’m using IAM for ServiceAccounts in AWS. And so my SA looks like this
Copy code
apiVersion: v1
imagePullSecrets:
- name: gcr-json-key
kind: ServiceAccount
metadata:
annotations:
<http://eks.amazonaws.com/role-arn|eks.amazonaws.com/role-arn>: arn:aws:iam::xxx:role/flyte-user-role
name: flyte-executor
namespace: shelly-robotics-bipedal-robot-developmentk
Ketan (kumare3)
09/23/2022, 12:38 AM
did you pass the service-account when you execute,
from launch-form, set the value
s
seunggs
09/23/2022, 12:38 AMYes
As per @Yee’s suggestion, I created a temporary pod in the same namespace and exec’d into the pod and ran aws cli command to add something to a bucket and it worked fine, but it won’t work from the dashboard
k
Ketan (kumare3)
09/23/2022, 12:38 AM
hmm
that is odd
how can i help in that?
s
seunggs
09/23/2022, 12:39 AMIt is really strange - seems like this should work
k
Ketan (kumare3)
09/23/2022, 12:39 AM
just ensure that your pod did infact get the account
ohh one last thing can be, version of aws cli
or try using fsspec plugin
s
seunggs
09/23/2022, 12:39 AMaws cli?
k
Ketan (kumare3)
09/23/2022, 12:40 AM
that is installed in your dockerfile
s
seunggs
09/23/2022, 12:40 AMYou mean a version mismatch?
k
Ketan (kumare3)
09/23/2022, 12:40 AM
ya for aws oidc you need a newer version maybe
s
seunggs
09/23/2022, 12:40 AMhmm
OK I’ll check that out - thanks
4 Views