What should I edit in AWS bucket policy to work with MWAA (Airflow)


I have tried creating several buckets in AWS (all public access blocked) which have "Action": [ "s3:GetEncryptionConfiguration" ] included.

However, I keep getting the error Error occurred while trying to read bucket encryption configuration, please ensure that the s3:GetEncryptionConfiguration IAM permission is present at the airflow environment creation stage. Where should I be adding this IAM permission and how?

2 Answers

I believe this could be due to one of these two:

  • Are you using an S3 bucket owned by a different account? MWAA executes the code inside the provided bucket and as such the security standard regarding this S3 bucket is to be kept very high. As part of that, only buckets within the same account as the user trying to create the environment are allowed.
  • The S3 bucket field needs a high level S3 bucket in the format of s3://mybucket. It does not allow folders or prefixes. So, if you are using s3://mybucket/my-prefix that would not work

Let me know if that fixes your problem

profile picture
answered 3 months ago
profile picture
reviewed 3 months ago

Thank you. It was probably number 2 - having used a folder. But I had fixed it using CloudFormation (which creates a top level bucket within the config) instead of going through the web console. Appreciate the help!

answered 3 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions