Hello! I have a deployment up and running (mostly?) in AWS right now. However, when I am trying to run something with

pyflyte

I am getting the following error:

grpc._channel._InactiveRpcError: <_InactiveRpcError of RPC that terminated with:
        status = StatusCode.UNKNOWN
        details = "failed to create a signed url. Error: WebIdentityErr: failed to retrieve credentials
caused by: AccessDenied: Not authorized to perform sts:AssumeRoleWithWebIdentity

I have been double checking all the SAs and everything seems to be in order but obviously I am missing something. Any pointers would be appreciated!

Did you check the trust relationship on both roles? https://docs.flyte.org/en/latest/deployment/aws/manual.html#oidc-provider-for-the-eks-cluster

Yeah, the trust relationships look right on

flyte-user-role

and

iam-role-flyte

The ODIC provider is also created in the cluster.

it has to be the role / service account for the FlyteAdmin pod

Thanks! I was wondering what SA was being used under the hood and I couldn't find it in the logs. I'll go double check that one.

It is fine ofcourse