topic Not able to read S3 object through AssumedRoleCredentialProvider in Data Engineering https://community.databricks.com/t5/data-engineering/not-able-to-read-s3-object-through-assumedrolecredentialprovider/m-p/3916#M794 <P>SparkSession spark = SparkSession.builder()</P><P> .appName("SparkS3Example")</P><P> .master("local[1]")</P><P> .getOrCreate();</P><P></P><P> spark.sparkContext().hadoopConfiguration().set("fs.s3a.access.key", S3_ACCOUNT_KEY);</P><P> spark.sparkContext().hadoopConfiguration().set("fs.s3a.secret.key", S3_SECRET_KEY);</P><P> spark.sparkContext().hadoopConfiguration().set("fs.s3a.aws.credentials.provider", "org.apache.hadoop.fs.s3a.auth.AssumedRoleCredentialProvider");</P><P> spark.sparkContext().hadoopConfiguration().set("fs.s3a.assumed.role.credentials.provider", "org.apache.hadoop.fs.s3a.SimpleAWSCredentialsProvider");</P><P> spark.sparkContext().hadoopConfiguration().set("fs.s3a.assumed.role.arn", "arn:aws:iam::000000000000:role/&lt;bucket&gt;");</P><P> spark.sparkContext().hadoopConfiguration().set("fs.s3a.assumed.role.sts.endpoint.region", awsRegion);</P><P> spark.sparkContext().hadoopConfiguration().set("fs.s3a.assumed.role.session.name", "test");</P><P> spark.sparkContext().hadoopConfiguration().set("fs.s3a.assumed.role.sts.endpoint", "sts.ap-southeast-2.amazonaws.com");</P><P> spark.sparkContext().hadoopConfiguration().set("fs.s3a.endpoint", "s3.ap-southeast-2.amazonaws.com");</P><P> spark.sparkContext().hadoopConfiguration().set("fs.s3a.endpoint.region", awsRegion</P><P></P><P>Able to get AccessKeyId, SecretAccessKey and SessionToken through AssumedRoleCredentialProvider, but not able to get object from S3, it is throwing 403 AccessDenied exception.</P><P></P><P>But If I used same AccessKeyId, SecretAccessKey and SessionToken in AWS CLI then able to download using cp command through command prompt.</P><P></P><P>Expected to access S3 object through AssumedRoleCredentialProvider.</P><P></P> Mon, 29 May 2023 11:50:32 GMT Sweetnesh 2023-05-29T11:50:32Z Not able to read S3 object through AssumedRoleCredentialProvider https://community.databricks.com/t5/data-engineering/not-able-to-read-s3-object-through-assumedrolecredentialprovider/m-p/3916#M794 <P>SparkSession spark = SparkSession.builder()</P><P> .appName("SparkS3Example")</P><P> .master("local[1]")</P><P> .getOrCreate();</P><P></P><P> spark.sparkContext().hadoopConfiguration().set("fs.s3a.access.key", S3_ACCOUNT_KEY);</P><P> spark.sparkContext().hadoopConfiguration().set("fs.s3a.secret.key", S3_SECRET_KEY);</P><P> spark.sparkContext().hadoopConfiguration().set("fs.s3a.aws.credentials.provider", "org.apache.hadoop.fs.s3a.auth.AssumedRoleCredentialProvider");</P><P> spark.sparkContext().hadoopConfiguration().set("fs.s3a.assumed.role.credentials.provider", "org.apache.hadoop.fs.s3a.SimpleAWSCredentialsProvider");</P><P> spark.sparkContext().hadoopConfiguration().set("fs.s3a.assumed.role.arn", "arn:aws:iam::000000000000:role/&lt;bucket&gt;");</P><P> spark.sparkContext().hadoopConfiguration().set("fs.s3a.assumed.role.sts.endpoint.region", awsRegion);</P><P> spark.sparkContext().hadoopConfiguration().set("fs.s3a.assumed.role.session.name", "test");</P><P> spark.sparkContext().hadoopConfiguration().set("fs.s3a.assumed.role.sts.endpoint", "sts.ap-southeast-2.amazonaws.com");</P><P> spark.sparkContext().hadoopConfiguration().set("fs.s3a.endpoint", "s3.ap-southeast-2.amazonaws.com");</P><P> spark.sparkContext().hadoopConfiguration().set("fs.s3a.endpoint.region", awsRegion</P><P></P><P>Able to get AccessKeyId, SecretAccessKey and SessionToken through AssumedRoleCredentialProvider, but not able to get object from S3, it is throwing 403 AccessDenied exception.</P><P></P><P>But If I used same AccessKeyId, SecretAccessKey and SessionToken in AWS CLI then able to download using cp command through command prompt.</P><P></P><P>Expected to access S3 object through AssumedRoleCredentialProvider.</P><P></P> Mon, 29 May 2023 11:50:32 GMT https://community.databricks.com/t5/data-engineering/not-able-to-read-s3-object-through-assumedrolecredentialprovider/m-p/3916#M794 Sweetnesh 2023-05-29T11:50:32Z Re: Not able to read S3 object through AssumedRoleCredentialProvider https://community.databricks.com/t5/data-engineering/not-able-to-read-s3-object-through-assumedrolecredentialprovider/m-p/3918#M796 <P>Hi @Sweetnesh Dholariya​,</P><P></P><P>Does @Debayan Mukherjee​'s response answer your question? If yes, would you be happy to mark it as best so that other members can find the solution more quickly?</P><P></P><P>Thanks!</P><P></P> Tue, 30 May 2023 08:52:57 GMT https://community.databricks.com/t5/data-engineering/not-able-to-read-s3-object-through-assumedrolecredentialprovider/m-p/3918#M796 Vartika 2023-05-30T08:52:57Z Re: Not able to read S3 object through AssumedRoleCredentialProvider https://community.databricks.com/t5/data-engineering/not-able-to-read-s3-object-through-assumedrolecredentialprovider/m-p/3917#M795 <P>Similar thread: <A href="https://repost.aws/knowledge-center/s3-troubleshoot-403" alt="https://repost.aws/knowledge-center/s3-troubleshoot-403" target="_blank">https://repost.aws/knowledge-center/s3-troubleshoot-403</A></P> Tue, 30 May 2023 07:13:28 GMT https://community.databricks.com/t5/data-engineering/not-able-to-read-s3-object-through-assumedrolecredentialprovider/m-p/3917#M795 Debayan 2023-05-30T07:13:28Z