Databricks permission issue to access S3 #1744
Comments
|
Hey @sunank200 what is this airflow instance? this doesn't appear to be a part of our CI/CD? Do we need to upload creds separately to this perhaps? |
|
@dimberman This URL is of astro-cloud as part of running example DAGs on astro-cloud. On astro cloud it's @rajaths010494 's credential. Can you confirm @rajaths010494 ? But this happens on CI/CD as well. For example https://github.com/astronomer/astro-sdk/actions/runs/4132642982/jobs/7141598599 This seems flaky. |
|
Yeah, the credentials are mine used in Astro cloud. |
|
@dimberman will be giving KT on databricks this week and cover this as well |
|
When I run this DAG locally with personal creds it runs fine, but fails in CI #1585. My best guess is that the credentials are expired for S3. I'm gonna let this run one more time and if it fails I'm going to cycle the creds. |
|
Do we have any alternatives to using personal credentials to run Databricks on the CI? |
|
@tatiana not yet, but we can discuss in our 1:1 |
|
any update on this? |
|
@tatiana @dimberman have we explored any alternatives on the solution? For example using IAM passthrough this may be an option |
|
@phanikumv I'd be happy with that! The sooner we can close this ticket and #1585, the better. |
|
I looked up for this here https://kb.databricks.com/en_US/security/forbidden-access-to-s3-data They are suggesting to use IAM roles instead of IAM keys. We might want to try this. |
Describe the bug
Currently, the CI is failing for Databricks. More details can be found at: https://astronomer.astronomer.run/dhb539ck/log?dag_id=example_load_file&task_id=load_file__23&execution_date=2023-02-08T00%3A00%3A00%2B00%3A00&map_index=-1
The text was updated successfully, but these errors were encountered: