Accessing Athena from EKS using IRSA ( bucket exists in other account).


how do we access athena service from EKS using IRSA . the athena and related s3 buckets are in different account . i was reading up on setting the OIDC provider connection in the target account . but the IAM role and policy are not working. i would like to get some pointer for concrete example for this usecase. Thanks.

1 Risposta

Short Description:

Accessing Amazon Athena service from Amazon Elastic Kubernetes Service (Amazon EKS) using AWS Identity and Access Management (IAM) roles for service accounts (IRSA).

Reading documentation [1] setting the OIDC provider connection in the target account, but the IAM role and policy are not working.


May I recommend the following blog which covers troubleshooting IRSA errors in Amazon EKS [2],

Use following documentation and example policies for Cross Account Setup --> Relevant IAM Permissions [3]

Cross-account access in Athena to Amazon S3 buckets - Policy example provided [4]

Lastly, this blog, "Analyze Kubernetes container logs using Amazon S3 and Amazon Athena" [5], may assist in achieving your use case.

If further assistance is required to troubleshoot a specific error received, may I recommend opening an Internal Ticket with AWS Support for further assistance.







con risposta un anno fa

Accesso non effettuato. Accedi per postare una risposta.

Una buona risposta soddisfa chiaramente la domanda, fornisce un feedback costruttivo e incoraggia la crescita professionale del richiedente.

Linee guida per rispondere alle domande