Short Description:
Accessing Amazon Athena service from Amazon Elastic Kubernetes Service (Amazon EKS) using AWS Identity and Access Management (IAM) roles for service accounts (IRSA).
After reading the documentation [1] and setting the OIDC provider connection in the target account, the IAM role and policy are not working.
Resolution:
May I recommend the following blog which covers troubleshooting IRSA errors in Amazon EKS [2], https://repost.aws/knowledge-center/eks-troubleshoot-irsa-errors
Use the following documentation and example policies for Cross Account Setup --> Relevant IAM Permissions [3].
Cross-account access in Athena to Amazon S3 buckets - Policy example provided [4]
Lastly, this blog, "Analyze Kubernetes container logs using Amazon S3 and Amazon Athena" [5], may assist in achieving your use case.
If further assistance is required to troubleshoot a specific error received, may I recommend opening an Internal Ticket with AWS Support for further assistance.
References:
[1] https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html
[2] https://repost.aws/knowledge-center/eks-troubleshoot-irsa-errors
[3] https://docs.aws.amazon.com/eks/latest/userguide/cross-account-access.html
[4] https://docs.aws.amazon.com/athena/latest/ug/cross-account-permissions.html