https://flyte.org logo
Join Slack
Powered by
Been struggling with s3 PutObject access denied is...
# ask-the-community
s
Been struggling with s3 PutObject access denied issue for days now (@Yee I’m posting a new one here because the existing Slack thread won’t load for me for some reason). Any idea why having a service account with the 
flyte-user-role
(which has full s3 access) attached as an annotation still gives me PutObject access denied error?
k
@seunggs what do you mean by attached as an annotation?
are you using IAM for ServiceACcounts in AWS
or using kIAM?
s
I’m using IAM for ServiceAccounts in AWS. And so my SA looks like this
Copy code
apiVersion: v1
imagePullSecrets:
- name: gcr-json-key
kind: ServiceAccount
metadata:
  annotations:
    <http://eks.amazonaws.com/role-arn|eks.amazonaws.com/role-arn>: arn:aws:iam::xxx:role/flyte-user-role
  name: flyte-executor
  namespace: shelly-robotics-bipedal-robot-development
k
did you pass the service-account when you execute,
from launch-form, set the value
s
Yes
As per @Yee’s suggestion, I created a temporary pod in the same namespace and exec’d into the pod and ran aws cli command to add something to a bucket and it worked fine, but it won’t work from the dashboard
k
hmm
that is odd
how can i help in that?
s
It is really strange - seems like this should work
k
just ensure that your pod did infact get the account
ohh one last thing can be, version of aws cli
or try using fsspec plugin
s
aws cli?
k
that is installed in your dockerfile
s
You mean a version mismatch?
k
ya for aws oidc you need a newer version maybe
s
hmm
OK I’ll check that out - thanks
161 Views
Open in Slack
PreviousNext
Powered by