Hi there. I’m using Dremio for first time. A bit of context:
-
I need to get access to a S3 bucket in AWS Account 1 using a Dremio role in AWS Account 2
-
The bucket policy in AWS Account1 has the right permissions for the role used in AWS Account 2, see below:
{ "Sid": "DremioS3Access01", "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::Account2:role/DremioRoleAccount2", }, "Action": "s3:GetObject", "Resource": "arn:aws:s3:::S3-BucketName-Account1/*" }, { "Sid": "DremioS3Access02", "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::Account2:role/DremioRoleAccount2", }, "Action": [ "s3:ListBucket", "s3:GetBucketLocation" ], "Resource": "arn:aws:s3:::S3-BucketName-Account1" } -
The dremio role in Account2 has the following permissions to access the S3 bucket in Account1
"Sid": "", "Effect": "Allow", "Action": [ "s3:List*", "s3:Get*" ], "Resource": [ "arn:aws:s3::::S3-BucketName-Account1/*", "arn:aws:s3::::S3-BucketName-Account1" ] -
I’ve tested via the aws cli that assuming the dremio role in Account2, I can list the S3 bucket in Account1.
-
Now, when I tried to add a source in Dremio UI > Advanced Options > Root Path as: /S3-BucketName-Account1, I get the following error:
com.dremio.plugins.util.ContainerNotFoundException: Unable to find bucket named S3-BucketName-Account1.
I’m running out of ideas or ways how to solve this issue. Am I missing any permission? or the way I’m adding the source using the Dremio UI needs to be done differently?
Any help would be highly appreciate.
Thanks