Accessing Athena from EKS using IRSA ( bucket exists in other account).


how do we access athena service from EKS using IRSA . the athena and related s3 buckets are in different account . i was reading up on setting the OIDC provider connection in the target account . but the IAM role and policy are not working. i would like to get some pointer for concrete example for this usecase. Thanks.

1 réponse

Short Description:

Accessing Amazon Athena service from Amazon Elastic Kubernetes Service (Amazon EKS) using AWS Identity and Access Management (IAM) roles for service accounts (IRSA).

Reading documentation [1] setting the OIDC provider connection in the target account, but the IAM role and policy are not working.


May I recommend the following blog which covers troubleshooting IRSA errors in Amazon EKS [2],

Use following documentation and example policies for Cross Account Setup --> Relevant IAM Permissions [3]

Cross-account access in Athena to Amazon S3 buckets - Policy example provided [4]

Lastly, this blog, "Analyze Kubernetes container logs using Amazon S3 and Amazon Athena" [5], may assist in achieving your use case.

If further assistance is required to troubleshoot a specific error received, may I recommend opening an Internal Ticket with AWS Support for further assistance.







répondu il y a un an

Vous n'êtes pas connecté. Se connecter pour publier une réponse.

Une bonne réponse répond clairement à la question, contient des commentaires constructifs et encourage le développement professionnel de la personne qui pose la question.

Instructions pour répondre aux questions