En utilisant AWS re:Post, vous acceptez les AWS re:Post Conditions d’utilisation
AWS re:Postre:Post

MWAA Webserver UI Forbidden

0
  1. I have created Private MWAA environment
  2. Create EC2 bastion for port forwaring
  3. Running ssh tunnel from my localhost and trying to open UI
  4. I can see Airflow UI requesting SSO login.
  5. I generated token with "aws mwaa create-web-login-token"

https://localhost:8888/aws_mwaa/aws-console-sso?login=true#eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJhdWQiOiJ3ZWIiLCJyb2xlcyI6IkFkbWluIiwiZXhwIjoxNzA0ODc5ODk5LCJ1c2VyIjoiYXNzdW1lZC1yb2xlL0FXU1Jlc2VydmVkU1NPX0FXU0FkbWluaXN0cmF0b3JBY2NlS0I1eXU1QjdMcjlvRG91QSJ9.H2uBzOmG8E7hIYaHEIbwoXbCPFeXjHf1y5tvUPULdlW3pJHoqbVNUGzM-Az95BW1RI5NrChd2aFqgop7IiceqQ2DbWD4zwEueizje0O_caNDzqWds6xaCZx3WcvVPmtDsBqqSuofSFolna50iFFIvMHkA9JkpWpGnaaP_jMsVx_ul1uxmJzQbCBeJXzkXmR6LnG7PcGiPdaTmXddaGgc-GMTm6l4MgotbDIaBnP-cyzvdrz5szqb32SSFy5fhg4w-A5z7AzwTOF2eTYgqYQ6Myl5rl4ryNteoID633zUstrPWtFC1-lHB3xJZhkfhIpTew8eEexGqinh6DK_xOKpsA 6. Trying to UI with token and getting Forbidden error.

Enter image description here

webserver logs:

Maybe somebody can help me on what I am doing wrong?

**FOLLOWUP: I attached AdministratorAccess to role that was created by MWAA automatically **

how can I figure out which role was missing?

Sujets
Intégration d'applications
Balises
Amazon Managed Workflows pour Apache Airflow (MWAA)
Langue
English
Adas Kavaliauskas
demandé il y a 4 mois148 vues
1 réponse
0

Hello, I'm assuming that you're following the steps outlined in this documentation: https://docs.aws.amazon.com/mwaa/latest/userguide/call-mwaa-apis-web.html

It is important to note that the generated web-login-token is only valid for 60 seconds. Thus, it is important to access the Airflow URL with the token before it expires. If you're still facing the error even after ensuring timely login, the issue could be related to the IAM permissions. For the IAM execution role created during MWAA environment creation, it should already have the required permissions. Whereas, for login into Airflow UI, your own IAM role/user needs to have the airflow:CreateWebLoginToken permission as mentioned here: https://docs.aws.amazon.com/mwaa/latest/userguide/access-policies.html#web-ui-access

I hope this helps.

AWS
AWS-Sajjan
répondu il y a 3 mois

Vous n'êtes pas connecté. Se connecter pour publier une réponse.

Une bonne réponse répond clairement à la question, contient des commentaires constructifs et encourage le développement professionnel de la personne qui pose la question.

Instructions pour répondre aux questions

Contenus pertinents