Cross-Account S3 for DAGs and Secrets Manager for connections

0

Hi

I am really trying hard to get this one.

I have my S3 bucket for DAGs and Secrets Manager secrets for variables in account A and my MWAA environment in account B. I have given all the permissions to the MWAA execution role and set the bucket policy and Secrets Manager policy as well to allow my MWAA role. But my MWAA environment cannot access any of these.

So I am wondering whether MWAA actually supports a cross-account S3 bucket as a source bucket and cross-account Secrets Manager to store Airflow variables.

Please help me out because I have googled a lot but found nothing helpful.

Mouzma
asked 3 years ago, 1141 views
2 Answers
0

Hi!

The S3 bucket for DAGs must exist in the same account as the MWAA environment. This is to prevent MWAA executing code from another account.

Cross-account Secrets Manager may work with IAM delegation (https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_cross-account-with-roles.html) or by adding an explicit AWS connection via secret via the Airflow connections UI.

Thanks!

AWS
John_J
answered 3 years ago
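
The IAM delegation mentioned in the answer above, sketched as an added example that is not part of the original thread or AWS's own code: a read-only role in account A that trusts only the MWAA execution role, and task code that assumes it to read one secret. The account IDs, role names, region and secret prefix are placeholders chosen for illustration.

```python
# Added example. Account IDs, role names, region and secret prefix are placeholders.
ACCOUNT_A = "111111111111"  # owns the secrets
ACCOUNT_B = "222222222222"  # runs the MWAA environment
REGION = "us-east-1"
MWAA_ROLE_ARN = f"arn:aws:iam::{ACCOUNT_B}:role/example-mwaa-execution-role"
READER_ROLE_ARN = f"arn:aws:iam::{ACCOUNT_A}:role/example-airflow-secrets-reader"
SECRETS_ARN = f"arn:aws:secretsmanager:{REGION}:{ACCOUNT_A}:secret:airflow/variables/*"


def _policy(statement):
    """Wrap a single Allow statement in an IAM policy document."""
    return {"Version": "2012-10-17", "Statement": [dict(Effect="Allow", **statement)]}


def reader_trust_policy():
    """Trust policy of the account A role: only the MWAA execution role may assume it."""
    return _policy({"Principal": {"AWS": MWAA_ROLE_ARN}, "Action": "sts:AssumeRole"})


def reader_permissions_policy():
    """Permissions of the account A role: read-only, limited to the Airflow secrets."""
    return _policy({"Action": ["secretsmanager:GetSecretValue"], "Resource": SECRETS_ARN})


def execution_role_policy():
    """Statement to attach to the MWAA execution role in account B."""
    return _policy({"Action": "sts:AssumeRole", "Resource": READER_ROLE_ARN})


def read_cross_account_secret(secret_id, session=None):
    """Assume the account A role, then read the secret with its temporary credentials."""
    if session is None:
        import boto3  # imported lazily so the policy helpers work without it
        session = boto3.Session()
    creds = session.client("sts").assume_role(
        RoleArn=READER_ROLE_ARN, RoleSessionName="mwaa-secret-read"
    )["Credentials"]
    secrets = session.client(
        "secretsmanager",
        region_name=REGION,
        aws_access_key_id=creds["AccessKeyId"],
        aws_secret_access_key=creds["SecretAccessKey"],
        aws_session_token=creds["SessionToken"],
    )
    return secrets.get_secret_value(SecretId=secret_id)["SecretString"]
```

Scoping the trust policy to the single execution role ARN and the permissions to one secret prefix keeps the delegation least-privilege; the execution role in account B needs only `sts:AssumeRole` on that one role.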
0

What about the KMS key? It can be cross-account, right?

Mouzma
answered 3 years ago
