By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

What should I edit in AWS bucket policy to work with MWAA (Airflow)

0

I have tried creating several buckets in AWS (all public access blocked) which have "Action": [ "s3:GetEncryptionConfiguration" ] included.

However, I keep getting the error Error occurred while trying to read bucket encryption configuration, please ensure that the s3:GetEncryptionConfiguration IAM permission is present at the airflow environment creation stage. Where should I be adding this IAM permission and how?

Topics
StorageApplication IntegrationSecurity, Identity, & Compliance
Tags
Amazon Simple Storage ServiceAmazon Managed Workflows for Apache Airflow (MWAA)AWS IAM Identity Center
Language
English
rePost-User-1458258
asked 2 years ago291 views
2 Answers
1

I believe this could be due to one of these two:

  • Are you using an S3 bucket owned by a different account? MWAA executes the code inside the provided bucket and as such the security standard regarding this S3 bucket is to be kept very high. As part of that, only buckets within the same account as the user trying to create the environment are allowed.
  • The S3 bucket field needs a high level S3 bucket in the format of s3://mybucket. It does not allow folders or prefixes. So, if you are using s3://mybucket/my-prefix that would not work

Let me know if that fixes your problem

profile pictureAWS
Ananth Tirumanur
answered 2 years ago
profile pictureAWS
EXPERT
Chris_G
reviewed 2 years ago
0

Thank you. It was probably number 2 - having used a folder. But I had fixed it using CloudFormation (which creates a top level bucket within the config) instead of going through the web console. Appreciate the help!

rePost-User-1458258
answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content