Cross-Account S3 for dags and Secrets Manager for connections

0

Hi

I am really trying hard to get this one.

I have my S3 bucket for dags and secrets manager secrets for variables in account A and my MWAA environment in account B. I have given all the permissions to the MWAA execution role and set the bucket policy and secrets manager policy as well to allow my MWAA role. But my MWAA environment cannot access any of these.

So I am wondering whether MWAA actually supports cross account S3 bucket as a source bucket and cross account secrets manager to store airflow variables.

Please help me out because I have googled a lot but found nothing helpful.

Mouzma
asked 3 years ago · 1141 views
2 Answers
0

Hi!

The S3 bucket for DAGs must exist in the same account as the MWAA environment. This is to prevent MWAA executing code from another account.

Cross account secrets manager may work with IAM delegation https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_cross-account-with-roles.html or by adding an explicit AWS connection via secret via the Airflow connections UI.

Thanks!

AWS
John_J
answered 3 years ago
0

What about KMS key? It can be cross-account. Right?

Mouzma
answered 3 years ago
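
For the cross-account Secrets Manager case discussed in this thread, an added example (not written by either poster and not AWS code): an offline check of the policy documents a cross-account GetSecretValue call depends on, following AWS's documented requirement that the secret be encrypted with a customer managed KMS key rather than the account's default aws/secretsmanager key. Account IDs, ARNs, policy contents and function names are constructed; `key_meta` stands for the KeyMetadata returned by KMS DescribeKey.

```python
from fnmatch import fnmatchcase

# Constructed sample values: account A (111111111111) owns the secret and key,
# account B (222222222222) owns the MWAA execution role.
ROLE = "arn:aws:iam::222222222222:role/example-mwaa-execution-role"
SECRET = "arn:aws:secretsmanager:us-east-1:111111111111:secret:airflow/variables/example-AbCdEf"
KEY_ARN = "arn:aws:kms:us-east-1:111111111111:key/00000000-0000-0000-0000-000000000000"
IDENTITY = {"Statement": [{"Effect": "Allow", "Action": ["secretsmanager:GetSecretValue", "kms:Decrypt"], "Resource": [SECRET, KEY_ARN]}]}
SECRET_POL = {"Statement": [{"Effect": "Allow", "Principal": {"AWS": ROLE}, "Action": "secretsmanager:GetSecretValue", "Resource": "*"}]}
KEY_POL = {"Statement": [{"Effect": "Allow", "Principal": {"AWS": ROLE}, "Action": ["kms:Decrypt", "kms:DescribeKey"], "Resource": "*"}]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _match(patterns, value):
    # Glob-style match for IAM "*" and "?" wildcards; case is ignored for simplicity.
    return any(fnmatchcase(value.lower(), p.lower()) for p in _as_list(patterns))

def allows(policy, action, resource=None, principal=None):
    """Simplified evaluation: Allow statements only; Deny, NotAction and Condition are ignored."""
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or not _match(stmt.get("Action", []), action):
            continue
        if resource and not _match(stmt.get("Resource", []), resource):
            continue
        if principal:
            named = stmt.get("Principal", {})
            named = _as_list(named.get("AWS", [])) if isinstance(named, dict) else [named]
            root = "arn:aws:iam::%s:root" % principal.split(":")[4]
            if principal not in named and root not in named:
                continue
        return True
    return False

def check_cross_account_secret(role, secret_arn, key_meta, identity_pol, secret_pol, key_pol):
    """Return the gaps that would block GetSecretValue from the other account."""
    gaps = []
    if not allows(identity_pol, "secretsmanager:GetSecretValue", resource=secret_arn):
        gaps.append("identity policy: no secretsmanager:GetSecretValue on the secret ARN")
    if not allows(identity_pol, "kms:Decrypt", resource=key_meta["Arn"]):
        gaps.append("identity policy: no kms:Decrypt on the key ARN")
    if not allows(secret_pol, "secretsmanager:GetSecretValue", principal=role):
        gaps.append("secret resource policy: role not allowed")
    if key_meta["KeyManager"] == "AWS":
        gaps.append("key: AWS managed key cannot be shared across accounts")
    elif not allows(key_pol, "kms:Decrypt", principal=role):
        gaps.append("key policy: role not allowed to kms:Decrypt")
    return gaps
```

An empty list from `check_cross_account_secret` means none of these gaps was found; it does not model explicit Deny statements, permission boundaries or SCPs.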
