IRSA for S3 Bucket Storage #265
Comments
|
Hi @RileyLeo, Thanks for reaching out. I don't know about IRSA and how to integrate it with Waffle (the Elixir lib I'm using for file upload). But it seems it doesn't work out of the box. Maybe just missing a configuration, maybe some code or maybe even not implemented in Waffle. I have many other improvements I'm working on, would love some help in investigating this. In middle term, I'm thinking of changing the project storage from S3 to PostgreSQL Large Object storage to ease the installation, but now in the next few months... |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Just want to confirm if there is support for AWS IRSA for S3 Integration.
I have deployed Azimutt in AWS EKS cluster and wanted to used IRSA as a means to provide appropriate policies to interact with S3 bucket. However, when I deployed the service account with the role with the S3 roles, it seems to be defaulting to using the default node role instead.
I'd like to inquire whether the function has been implemented. If not, I would appreciate it being implemented.
Error message:
User: arn:aws:sts::XXX:assumed-role/spot_workers_c-eks-node-group is not authorized to perform: kms:GenerateDataKey on resource: arn:aws:kms:ap-XXX:key/XXX because no identity-based policy allows the kms:GenerateDataKey action
The text was updated successfully, but these errors were encountered: