This is an automated email from the ASF dual-hosted git repository. eladkal pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/airflow.git
The following commit(s) were added to refs/heads/main by this push: new 25543846b8 docs: List permissions required to use S3 logging (#36736) 25543846b8 is described below commit 25543846b89e294fd346ac747c8ede490d685066 Author: Alex Grounds <agrou...@users.noreply.github.com> AuthorDate: Thu Jan 11 11:42:51 2024 -0600 docs: List permissions required to use S3 logging (#36736) * List permissions required to use S3 logging * Use double backticks --------- Co-authored-by: Alex Grounds <agrou...@ojo.ca> --- docs/apache-airflow-providers-amazon/logging/s3-task-handler.rst | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/docs/apache-airflow-providers-amazon/logging/s3-task-handler.rst b/docs/apache-airflow-providers-amazon/logging/s3-task-handler.rst index ca1b58abb5..f340f82cbc 100644 --- a/docs/apache-airflow-providers-amazon/logging/s3-task-handler.rst +++ b/docs/apache-airflow-providers-amazon/logging/s3-task-handler.rst @@ -77,6 +77,12 @@ Example with sample inputs eksctl create iamserviceaccount --cluster=airflow-eks-cluster --name=airflow-sa --namespace=airflow --attach-policy-arn=arn:aws:iam::aws:policy/AmazonS3FullAccess --approve +If you create your own IAM policy (as is strongly recommended), it should include the following permissions. + +- ``s3:ListBucket`` (for the S3 bucket to which logs are written) +- ``s3:GetObject`` (for all objects in the prefix under which logs are written) +- ``s3:PutObject`` (for all objects in the prefix under which logs are written) + Step2: Update Helm Chart values.yaml with Service Account ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~