https://community.databricks.com/t5/data-engineering/why-the-useridentity-is-anonymous/m-p/57348#M30756 <P>If you're using AssumeRole to switch roles, make sure that the assumed role session is being used correctly. The Security Token Service (STS) is responsible for issuing temporary security credentials when assuming roles. Ensure that your EC2 instances have been assigned the correct IAM roles with the necessary permissions. AWS CloudTrail logs typically capture the identity of the caller making the API request. If your EC2 instance has the correct IAM role associated with it, CloudTrail should log the identity appropriately.</P> Mon, 15 Jan 2024 10:09:42 GMT CharlesReily 2024-01-15T10:09:42Z https://community.databricks.com/t5/data-engineering/why-the-useridentity-is-anonymous/m-p/57297#M30754 <P>Do you know why the userIdentity is anonymous in AWS Cloudtail's logs even though I have specified an instance profile?</P> Mon, 15 Jan 2024 08:07:53 GMT https://community.databricks.com/t5/data-engineering/why-the-useridentity-is-anonymous/m-p/57297#M30754 rt-slowth 2024-01-15T08:07:53Z https://community.databricks.com/t5/data-engineering/why-the-useridentity-is-anonymous/m-p/57348#M30756 <P>If you're using AssumeRole to switch roles, make sure that the assumed role session is being used correctly. The Security Token Service (STS) is responsible for issuing temporary security credentials when assuming roles. Ensure that your EC2 instances have been assigned the correct IAM roles with the necessary permissions. AWS CloudTrail logs typically capture the identity of the caller making the API request. If your EC2 instance has the correct IAM role associated with it, CloudTrail should log the identity appropriately.</P> Mon, 15 Jan 2024 10:09:42 GMT https://community.databricks.com/t5/data-engineering/why-the-useridentity-is-anonymous/m-p/57348#M30756 CharlesReily 2024-01-15T10:09:42Z https://community.databricks.com/t5/data-engineering/why-the-useridentity-is-anonymous/m-p/58459#M31168 <P><a href="https://community.databricks.com/t5/user/viewprofilepage/user-id/9">@Retired_mod</a>&nbsp;<a href="https://community.databricks.com/t5/user/viewprofilepage/user-id/98179">@CharlesReily</a>&nbsp;</P><DIV class=""><P><STRONG>Directory listing mode is supported by default. File notification mode is only supported on single user clusters.</STRONG></P></DIV><DIV class="">&nbsp;</DIV><DIV class="">I was trying to use File Notification Mode in DLT and encountered the above problem...</DIV> Fri, 26 Jan 2024 00:10:05 GMT https://community.databricks.com/t5/data-engineering/why-the-useridentity-is-anonymous/m-p/58459#M31168 rt-slowth 2024-01-26T00:10:05Z https://community.databricks.com/t5/data-engineering/why-the-useridentity-is-anonymous/m-p/67864#M33467 <P>I tried with "Single User" cluster, but still getting error "<SPAN>org.apache.spark.sql.streaming.StreamingQueryException: [STREAM_FAILED] Query [id = 55e0cb16-5e12-444d-a132-a24b999e2e4a, runId = 3ae637bb-847a-472b-a133-64b58ccb35cb] terminated with exception: User: anonymous is not authorized to perform: sqs:receivemessage on resource: arn:aws:sqs:us-east-1:4".</SPAN></P><P><SPAN>Used "data_security_mode":"SINGLE_USER" in Cluste policy. Am I missing anything ?</SPAN></P> Wed, 01 May 2024 22:59:00 GMT https://community.databricks.com/t5/data-engineering/why-the-useridentity-is-anonymous/m-p/67864#M33467 Babu_Krishnan 2024-05-01T22:59:00Z https://community.databricks.com/t5/data-engineering/why-the-useridentity-is-anonymous/m-p/67865#M33468 <P><a href="https://community.databricks.com/t5/user/viewprofilepage/user-id/100208">@Babu_Krishnan</a>&nbsp;<BR /><BR />As far as I know, pipelines created with Shared Cluster and Delta Live Table are not in File notification mode.<BR />Since Delta Live Table is a Shared Cluster by default.<BR />Before that, how is your AWS IAM role set up?<BR />If you can share your cluster configuration and the code that performs the readStream, I'll see what I can do.</P> Wed, 01 May 2024 23:24:25 GMT https://community.databricks.com/t5/data-engineering/why-the-useridentity-is-anonymous/m-p/67865#M33468 rt-slowth 2024-05-01T23:24:25Z https://community.databricks.com/t5/data-engineering/why-the-useridentity-is-anonymous/m-p/67879#M33470 <P><a href="https://community.databricks.com/t5/user/viewprofilepage/user-id/87732">@rt-slowth</a>&nbsp;,&nbsp; Thanks for the reply. IAM role should be fine (with all the required permissions) since it was perfectly working with DLT without UC. We are seeing this failure when we are migrating. the existing DLT to Unity Catalog. FYI , I am able run the pipeline with "Direcltory listing" mode, I see this SQS permission error only when we use the file notification mode.</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Babu_Krishnan_0-1714616743848.png" style="width: 400px;"><img src="https://community.databricks.com/t5/image/serverpage/image-id/7357iD60109BA0A1A94E5/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="Babu_Krishnan_0-1714616743848.png" alt="Babu_Krishnan_0-1714616743848.png" /></span></P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Babu_Krishnan_1-1714616817428.png" style="width: 400px;"><img src="https://community.databricks.com/t5/image/serverpage/image-id/7358i2E0BF0980281C26F/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="Babu_Krishnan_1-1714616817428.png" alt="Babu_Krishnan_1-1714616817428.png" /></span></P><P>&nbsp;</P><P>&nbsp;</P> Thu, 02 May 2024 02:27:31 GMT https://community.databricks.com/t5/data-engineering/why-the-useridentity-is-anonymous/m-p/67879#M33470 Babu_Krishnan 2024-05-02T02:27:31Z