Re: [I] Performing any transactions in MinIO server like creating tables throws "Unable to process: Failed to get subscoped credentials" [polaris]

Tue, 18 Mar 2025 06:27:25 -0700 


george-zubrienko commented on issue #1146:
URL: https://github.com/apache/polaris/issues/1146#issuecomment-2733186619

   > [@george-zubrienko](https://github.com/george-zubrienko) Hmm, even having 
the dummy role and setting those env vars, I got the same error. FYI, this is 
my Polaris CLI to create a default catalog, which works fine: `./polaris 
--client-id ${CLIENT_ID} --client-secret ${CLIENT_SECRET} catalogs create 
--storage-type s3 --role-arn arn:aws:iam::000000000000:role/polaris-access-role 
--default-base-location s3://minio-bucket default`
   > 
   > But even the simple create table throws the same error as stated in 
description. Happy to connect in slack. Did you try to create a simple table, 
after your catalog gets created, which is the source of the error?
   
   We have over 300 tables there, so yeah, I tried all of it, and it works. 
However, I do remember struggling with STS a bit. I collected all the necessary 
info below:
   
   First, make sure your polaris user (we use local user for this) has similar 
permissions (note explicit STS permission):
   
   
![Image](https://github.com/user-attachments/assets/f7c0f6b6-742f-4f5e-b717-a6e9f9204f2f)
   
   Second, we have these set on polaris server container (note username/secret 
are used, not access key):
   ```
   AWS_ACCESS_KEY_ID : <minio-user-name>
   AWS_ENDPOINT_URL_S3 : https://our-polaris-url
   AWS_ENDPOINT_URL_STS : https://our-polaris-url
   AWS_REGION : us-east-1
   AWS_SECRET_ACCESS_KEY : <minio-user-secret>
   ```
   
   You can also check this [docker-compose 
setup](https://github.com/SneaksAndData/arcane-stream-microsoft-synapse-link/blob/main/docker-compose.yaml)
 for a bit older build of Polaris, but the idea is the same. They don't use 
dropwizard so no need for `-Ddw...` stuff now :)
   
   You can find me in Slack by using my corp mail `[email protected]` - throw me a 
DM and we can agree on some time to chat, if you still have issues.
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to