You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@airflow.apache.org by GitBox <gi...@apache.org> on 2020/10/02 07:47:50 UTC

[GitHub] [airflow] ivica-k commented on issue #11057: AWS Hook does not accept config profiles with arn_roles

ivica-k commented on issue #11057:
URL: https://github.com/apache/airflow/issues/11057#issuecomment-702581087


   Hey @TKorr it seems to me that your problem is AWS IAM related at this point.
   
   You have two roles, Assumer and Target (assumer assumes the target role). In this example, the Target role must have a Trust Relationship saying that the Assumer role is allowed to assume it.
   
   Here's an example from my IAM console
   ![Screenshot 2020-10-02 at 09 40 59](https://user-images.githubusercontent.com/13262071/94899485-b64aef80-0493-11eb-8d10-bffc3c12e250.png)
   
   In it, I am allowing `airflow_task_role` (a role under which my Airflow worker is running) to assume another role which would grant certain permissions (S3 access in my case).
   
   The issue with the missing token and STS credentials (which PR #11227 is trying to solve) only showed itself after I was able to assume the role. In your case you can't even assume the role from Airflow.


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org