Hi Anuj, I recalled another ticket on this topic, which had some things to test. I don't know if that resolved the issue, can you verify it? See https://issues.apache.org/jira/browse/FLINK-31095
Best regards, Martijn On Tue, May 23, 2023 at 7:04 AM Anuj Jain <anuj...@gmail.com> wrote: > Hello, > Please provide some pointers on this issue. > > Thanks !! > > Regards > Anuj > > On Fri, May 19, 2023 at 1:34 PM Anuj Jain <anuj...@gmail.com> wrote: > >> Hi Community, >> Looking forward to some advice on the problem. >> >> I also found this similar Jira, but not sure if a fix has been done for >> the Hadoop connector - can someone confirm this. >> [FLINK-23487] IRSA doesn't work with S3 - ASF JIRA (apache.org) >> <https://issues.apache.org/jira/browse/FLINK-23487> >> >> Is there any other way to integrate Flink source/sink with AWS IAM from >> EKS ? >> >> Regards >> Anuj >> >> On Thu, May 18, 2023 at 12:41 PM Anuj Jain <anuj...@gmail.com> wrote: >> >>> Hi, >>> I have a flink job running on EKS, reading and writing data records to >>> S3 buckets. >>> I am trying to set up access credentials via AWS IAM. >>> I followed this: >>> https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html >>> >>> I have configured: >>> com.amazonaws.auth.WebIdentityTokenCredentialsProvider as the credential >>> provider in flink-conf.yaml for hadoop s3a connector, and annotated my >>> service account with the role. >>> >>> When running the job, i am getting access denied error >>> Exception: >>> Caused by: >>> com.amazonaws.services.securitytoken.model.AWSSecurityTokenServiceException: >>> Not authorized to perform sts:AssumeRoleWithWebIdentity (Service: >>> AWSSecurityTokenService; Status Code: 403; Error Code: AccessDenied; >>> Request ID: 923df33a-802e-47e2-a203-0841aca03dd8; Proxy: null) >>> >>> I have tried to access S3 buckets from AWS CLI running in a pod with the >>> same service account and that works. >>> >>> Am I using the correct credential provider for IAM integration, not sure >>> if Hadoop S3a supports it. >>> https://issues.apache.org/jira/browse/HADOOP-18154 >>> >>> Please advise if I am doing anything wrong in setting up credentials via >>> IAM. >>> >>> Regards >>> Anuj Jain >>> >>
