Hi,
From my AWS EC2 I have an IAM role which provides S3 access on machine level.
This works great from local AWS CLI.
The source gets added, but when trying to access it I get:
[qtp1274672203-137] ERROR c.d.d.server.GenericExceptionMapper - Unexpected exception when processing GET http://localhost:9047/apiv2/source//folder/?nocache=1570177566465 : com.amazonaws.services.s3.model.AmazonS3Exception: Access Denied (Service: Amazon S3; Status Code: 403; Error Code: AccessDenied; Request ID:; S3 Extended Request ID: )
Config: No Auth, Public bucket added:
Adding keys is not an option.
I had tried adding the IAM Role to “IAM Role to Assume” - alas, the machine itself has access, so I’m not sure why we’d need it.
(Btw, you need to put the ARN here, but this is only from the logs, gj on the documentation and the help text.)
This generates “is not authorised to perform: sts:AssumeRole”. Again, why not use the default mechanism?
I just got the same error today with the latest release, 4.6.1:
User: arn:aws:sts::xxx:assumed-role/xxx/xxxx is not authorized to perform: sts:AssumeRole on resource: arn:aws:iam::xxxx:role/dse-edge-dev (Service: Sts, Status Code: 403, Request ID: xxxx)
This is the “AssumeRole” required. The documentation did not specify this role.
This is Dremio specific. This role has no problem accessing the S3 bucket, and we have been using it for several years from both CLI and others.
The action “sts:AssumeRole” means that the service that is trying to use the role is not authorized to use it. It’s a configuration on IAM that you need to enable trusted services to use the role, probably enable EC2 to assume the role you created.
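An added example, not part of the thread or Dremio's code: it parses the denial message quoted above, maps the assumed-role session ARN to the underlying role ARN, and checks a trust policy for a matching principal. The account ID, caller role name, session name and the EC2-only trust policy are constructed placeholders, the function names are hypothetical, and the evaluation is simplified (no Condition, Deny or NotPrincipal handling).

```python
import re

# Constructed message modelled on the error in the thread; account ID, caller
# role and session name are placeholders, only "dse-edge-dev" is from the page.
ERROR = ("User: arn:aws:sts::111122223333:assumed-role/ec2-instance-role/"
         "i-0123456789abcdef0 is not authorized to perform: sts:AssumeRole "
         "on resource: arn:aws:iam::111122223333:role/dse-edge-dev")

# Constructed trust policy that trusts only the EC2 service principal.
EC2_ONLY_TRUST = {"Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
                                 "Principal": {"Service": "ec2.amazonaws.com"}}]}

def parse_denial(message):
    """Return (caller ARN, action, target ARN) from an STS denial message."""
    m = re.search(r"User: (\S+) is not authorized to perform: (\S+) "
                  r"on resource: (\S+)", message)
    if not m:
        raise ValueError("not an authorization-failure message")
    return m.groups()

def session_to_role_arn(caller):
    """Map an assumed-role session ARN to the IAM role ARN behind it."""
    # The session ARN carries the role name only; a role path must be re-added.
    m = re.fullmatch(r"arn:([\w-]+):sts::(\d{12}):assumed-role/([^/]+)/(.+)", caller)
    if not m:
        return caller  # e.g. an IAM user ARN, already usable as a principal
    return f"arn:{m[1]}:iam::{m[2]}:role/{m[3]}"

def trust_match(trust_policy, caller):
    """'principal' if the caller is named, 'account' if only its account is
    trusted (its identity policy must then allow the call too), else None."""
    role_arn = session_to_role_arn(caller)
    _, partition, _, _, account, _ = role_arn.split(":", 5)
    best = None
    for st in trust_policy.get("Statement", []):
        actions = st.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if st.get("Effect") != "Allow" or not {"sts:AssumeRole", "sts:*", "*"} & set(actions):
            continue
        principal = st.get("Principal", {})
        aws = principal.get("AWS", []) if isinstance(principal, dict) else []
        aws = [aws] if isinstance(aws, str) else aws
        if role_arn in aws or caller in aws:
            return "principal"
        if account in aws or f"arn:{partition}:iam::{account}:root" in aws:
            best = "account"
    return best

def trust_statement_for(caller):
    """Trust-policy statement naming the caller's role as an AWS principal."""
    return {"Effect": "Allow", "Action": "sts:AssumeRole",
            "Principal": {"AWS": session_to_role_arn(caller)}}
```

With the constructed EC2-only trust policy, `trust_match` returns `None` for the role session, because a `Service` principal does not cover an AWS principal calling `sts:AssumeRole` itself.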