Hello I have a deployment up and running mostly in AWS right Flyte #flyte-deployment

Hello! I have a deployment up and running (mostly?...

stale-answer-45607

05/24/2022, 8:21 PM

Hello! I have a deployment up and running (mostly?) in AWS right now. However, when I am trying to run something with

pyflyte

I am getting the following error:

Copy code

grpc._channel._InactiveRpcError: <_InactiveRpcError of RPC that terminated with:
        status = StatusCode.UNKNOWN
        details = "failed to create a signed url. Error: WebIdentityErr: failed to retrieve credentials
caused by: AccessDenied: Not authorized to perform sts:AssumeRoleWithWebIdentity

I have been double checking all the SAs and everything seems to be in order but obviously I am missing something. Any pointers would be appreciated!

big-glass-22633

05/24/2022, 9:22 PM

Did you check the trust relationship on both roles? https://docs.flyte.org/en/latest/deployment/aws/manual.html#oidc-provider-for-the-eks-cluster

stale-answer-45607

05/24/2022, 9:28 PM

Yeah, the trust relationships look right on

flyte-user-role

and

iam-role-flyte

The ODIC provider is also created in the cluster.

freezing-airport-6809

05/24/2022, 10:51 PM

it has to be the role / service account for the FlyteAdmin pod

stale-answer-45607

05/25/2022, 12:18 AM

Thanks! I was wondering what SA was being used under the hood and I couldn't find it in the logs. I'll go double check that one.

stale-answer-45607

05/25/2022, 12:19 AM

Does it matter if I have it behind a route53 zone? I feel like it shouldn't…but better to ask.

freezing-airport-6809

05/25/2022, 1:10 AM

It is fine ofcourse

379 Views

Open in Slack

Previous Next