You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@iceberg.apache.org by "raviranak (via GitHub)" <gi...@apache.org> on 2023/04/17 12:38:30 UTC
[GitHub] [iceberg] raviranak commented on issue #7344: Using Iceberg from EKS to access resource in another aws account loads instance role by default
raviranak commented on issue #7344:
URL: https://github.com/apache/iceberg/issues/7344#issuecomment-1511261114
Hi @stevenzwu
Here is my spark-context used
from pyspark.sql import SparkSession
`
spark = SparkSession.builder \
.appName("MyApp") \
.config("spark.sql.hive.metastore.glueCatalog.enabled", "true") \
.config("spark.sql.catalog.iceberg_catalog.catalog-impl", "org.apache.iceberg.aws.glue.GlueCatalog") \
.config("spark.sql.catalog.iceberg_catalog.warehouse", "s3://internal/iceberg/warehouse/") \
.config("spark.sql.catalog.iceberg_catalog.io-impl", "org.apache.iceberg.aws.s3.S3FileIO") \
.config("spark.sql.catalog.iceberg_catalog", "org.apache.iceberg.spark.SparkCatalog") \
.config("spark.sql.catalogImplementation", "hive") \
.config("spark.hadoop.fs.s3a.aws.credentials.provider", "com.amazonaws.auth.WebIdentityTokenCredentialsProvider") \
.config("spark.sql.extensions", "org.apache.iceberg.spark.extensions.IcebergSparkSessionExtensions") \
.config("spark.jars.packages", "org.apache.hadoop:hadoop-aws:3.3.1,org.apache.spark:spark-avro_2.12:3.2.0,"
"org.apache.hadoop:hadoop-aws:3.3.1,"
"org.apache.iceberg:iceberg-spark-runtime-3.2_2.12:1.2.0") \
.config("spark.jars", "/home/ray/.ivy2/jars/org.apache.spark_spark-avro_2.12-3.2.0.jar,"
"/home/ray/.ivy2/jars/com.amazonaws_aws-java-sdk-bundle-1.11.901.jar,"
"/home/ray/.ivy2/jars/org.apache.hadoop_hadoop-aws-3.3.1.jar,"
"/home/ray/.ivy2/jars/org.apache.iceberg_iceberg-spark-runtime-3.2_2.12-1.2.0.jar,"
"https://internal.s3.amazonaws.com/iceberg/bundle-2.17.131.jar,"
"https://internal.s3.amazonaws.com/iceberg/url-connection-client-2.17.131.jar") \
.config("spark.hadoop.fs.s3a.canned.acl", "BucketOwnerFullControl") \
.config("spark.hadoop.hive.metastore.glue.catalogid", "123456789") \
.getOrCreate()
`
still facing this issue
`
software.amazon.awssdk.services.glue.model.AccessDeniedException: User: arn:aws:sts:::assumed-role/clusteri-07d3180159a814e31 is not authorized to perform: glue:GetTable on resource:
`
Can you please here as it seems role doesn't resolve to service role
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@iceberg.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@iceberg.apache.org
For additional commands, e-mail: issues-help@iceberg.apache.org