You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Current behavior requires providing either long-term or short-term combo in the configs.
Running without them yields following error:
// Error
org.apache.kafka.common.config.ConfigException: Either {aws.access.key.id, aws.secret.access.key} or {aws.sts.role.arn, aws.sts.role.session.name} should be set
Attempting to assume a role using an assumed role does not work either (and even if it did doesn't feel elegant)
// config sample:
{
"aws.sts.role.arn":"arn:aws:iam::XXXX:role/XXX-ecs-instance-role",
"aws.sts.role.session.name":"aiven-connect-s3"
}
// Error
com.amazonaws.services.securitytoken.model.AWSSecurityTokenServiceException: User: arn:aws:sts::XXX:assumed-role/XXX-ecs-instance-role/i-0eXXXXXXXX is not authorized to perform: sts:AssumeRole on resource: arn:aws:iam::XXX:role/XXX-ecs-instance-role (Service: AWSSecurityTokenService; Status Code: 403; Error Code: AccessDenied; Request ID: <>; Proxy: null)
Or am I missing something? Thanks!
The text was updated successfully, but these errors were encountered:
AWS ECS Task or (likely) EKS pod IAM credentials provided via container env variables that allow S3 access fails.
IAM:
Should this support mounted IAM/STS credentials vs having to define explicitly long-term or short-term: https://github.com/aiven/s3-connector-for-apache-kafka#credentials
ECS Task IAM Ref: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-iam-roles.html
EKS Service Account Ref: https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html
Current behavior requires providing either long-term or short-term combo in the configs.
Running without them yields following error:
Attempting to assume a role using an assumed role does not work either (and even if it did doesn't feel elegant)
Or am I missing something? Thanks!
The text was updated successfully, but these errors were encountered: