https://flyte.org logo
#flyte-deployment
Title
# flyte-deployment
m

Matthew Krueger

05/24/2022, 8:21 PM
Hello! I have a deployment up and running (mostly?) in AWS right now. However, when I am trying to run something with
pyflyte
I am getting the following error:
Copy code
grpc._channel._InactiveRpcError: <_InactiveRpcError of RPC that terminated with:
        status = StatusCode.UNKNOWN
        details = "failed to create a signed url. Error: WebIdentityErr: failed to retrieve credentials
caused by: AccessDenied: Not authorized to perform sts:AssumeRoleWithWebIdentity
I have been double checking all the SAs and everything seems to be in order but obviously I am missing something. Any pointers would be appreciated!
r

Roberto Ruiz

05/24/2022, 9:22 PM
m

Matthew Krueger

05/24/2022, 9:28 PM
Yeah, the trust relationships look right on
flyte-user-role
and
iam-role-flyte
The ODIC provider is also created in the cluster.
k

Ketan (kumare3)

05/24/2022, 10:51 PM
it has to be the role / service account for the FlyteAdmin pod
m

Matthew Krueger

05/25/2022, 12:18 AM
Thanks! I was wondering what SA was being used under the hood and I couldn't find it in the logs. I'll go double check that one.
Does it matter if I have it behind a route53 zone? I feel like it shouldn't…but better to ask.
k

Ketan (kumare3)

05/25/2022, 1:10 AM
It is fine ofcourse
97 Views