You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@iceberg.apache.org by "raviranak (via GitHub)" <gi...@apache.org> on 2023/04/17 12:38:30 UTC

[GitHub] [iceberg] raviranak commented on issue #7344: Using Iceberg from EKS to access resource in another aws account loads instance role by default

raviranak commented on issue #7344:
URL: https://github.com/apache/iceberg/issues/7344#issuecomment-1511261114

   Hi @stevenzwu 
   
   Here is my spark-context used 
   from pyspark.sql import SparkSession 
   
   `
   
   spark = SparkSession.builder \
       .appName("MyApp") \
       .config("spark.sql.hive.metastore.glueCatalog.enabled", "true") \
       .config("spark.sql.catalog.iceberg_catalog.catalog-impl", "org.apache.iceberg.aws.glue.GlueCatalog") \
       .config("spark.sql.catalog.iceberg_catalog.warehouse", "s3://internal/iceberg/warehouse/") \
       .config("spark.sql.catalog.iceberg_catalog.io-impl", "org.apache.iceberg.aws.s3.S3FileIO") \
       .config("spark.sql.catalog.iceberg_catalog", "org.apache.iceberg.spark.SparkCatalog") \
       .config("spark.sql.catalogImplementation", "hive") \
       .config("spark.hadoop.fs.s3a.aws.credentials.provider", "com.amazonaws.auth.WebIdentityTokenCredentialsProvider") \
       .config("spark.sql.extensions", "org.apache.iceberg.spark.extensions.IcebergSparkSessionExtensions") \
       .config("spark.jars.packages", "org.apache.hadoop:hadoop-aws:3.3.1,org.apache.spark:spark-avro_2.12:3.2.0,"
                                       "org.apache.hadoop:hadoop-aws:3.3.1,"
                                       "org.apache.iceberg:iceberg-spark-runtime-3.2_2.12:1.2.0") \
       .config("spark.jars", "/home/ray/.ivy2/jars/org.apache.spark_spark-avro_2.12-3.2.0.jar,"
                             "/home/ray/.ivy2/jars/com.amazonaws_aws-java-sdk-bundle-1.11.901.jar,"
                             "/home/ray/.ivy2/jars/org.apache.hadoop_hadoop-aws-3.3.1.jar,"
                             "/home/ray/.ivy2/jars/org.apache.iceberg_iceberg-spark-runtime-3.2_2.12-1.2.0.jar,"
                             "https://internal.s3.amazonaws.com/iceberg/bundle-2.17.131.jar,"
                             "https://internal.s3.amazonaws.com/iceberg/url-connection-client-2.17.131.jar") \
       .config("spark.hadoop.fs.s3a.canned.acl", "BucketOwnerFullControl") \
       .config("spark.hadoop.hive.metastore.glue.catalogid", "123456789") \
       .getOrCreate()
   `
   
   still facing this issue 
   `
   software.amazon.awssdk.services.glue.model.AccessDeniedException: User: arn:aws:sts:::assumed-role/clusteri-07d3180159a814e31 is not authorized to perform: glue:GetTable on resource: 
   `
   
   Can you please here as it seems role doesn't resolve to service role  


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@iceberg.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@iceberg.apache.org
For additional commands, e-mail: issues-help@iceberg.apache.org