10-31-2023 08:35 AM
Hi
We're in the process of moving over from Databricks in Azure to AWS.
I am trying to establish a method of accessing secrets from AWS Secrets Manager (we were using Azure KeyVault) and understand this can be done with boto as suggested from AWS.
We have created all of the relevant IAM roles, instance profiles etc. Accessing S3 with this method is working OK.
However, whenever I try to interact with Secrets Manager I keep getting the "NoCredentialsError: Unable to locate credentials" error.
The role assigned to the EC2 after creation has the relevant permission to read/write from Secrets Manager.
I'm at a dead end and appreciate any help.
Many Thanks
Example code:
11-01-2023 03:47 AM
I should add I'm running this on a shared cluster and therefore suspect the following constraints are impeding me:
Taken from: https://docs.databricks.com/en/clusters/configure.html
Cannot connect to the instance metadata service (IMDS), other EC2 instances, or any other services running in the Databricks VPC.
This prevents access to any service that uses the IMDS, such as boto3 and the AWS CLI.
So begs the question, how do I interface with AWS Secrets Manager from a shared cluster?
Thanks!
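A diagnostic for the situation described in the post above, added here as an example and not part of the original thread: it lists which common AWS SDK credential sources exist in the current environment and whether the IMDS endpoint answers, which is where an instance-profile role is read from. The function names are hypothetical, and the check is a simplified view of the usual sources, not botocore's full provider chain.

```python
import os
import socket

IMDS_ADDR = ("169.254.169.254", 80)  # link-local IMDS endpoint on EC2

def imds_reachable(timeout=1.0):
    """Return True if a TCP connection to the IMDS endpoint succeeds."""
    try:
        with socket.create_connection(IMDS_ADDR, timeout=timeout):
            return True
    except OSError:
        return False

def credential_sources(env=None, home=None, probe=imds_reachable):
    """List the common credential sources that are usable in this environment."""
    env = os.environ if env is None else env
    home = os.path.expanduser("~") if home is None else home
    found = []
    if env.get("AWS_ACCESS_KEY_ID") and env.get("AWS_SECRET_ACCESS_KEY"):
        found.append("environment variables")
    if env.get("AWS_WEB_IDENTITY_TOKEN_FILE") and env.get("AWS_ROLE_ARN"):
        found.append("web identity token")
    shared = env.get("AWS_SHARED_CREDENTIALS_FILE") or os.path.join(
        home, ".aws", "credentials")
    if os.path.isfile(shared):
        found.append("shared credentials file")
    if (env.get("AWS_CONTAINER_CREDENTIALS_RELATIVE_URI")
            or env.get("AWS_CONTAINER_CREDENTIALS_FULL_URI")):
        found.append("container credentials endpoint")
    # An instance-profile role is only visible through IMDS.
    imds_off = env.get("AWS_EC2_METADATA_DISABLED", "").lower() == "true"
    if not imds_off and probe():
        found.append("instance metadata service (IMDS)")
    return found

def diagnose(env=None, home=None, probe=imds_reachable):
    """Summarise what boto3 has to work with on this cluster."""
    sources = credential_sources(env, home, probe)
    if sources:
        return "boto3 can try: " + ", ".join(sources)
    return ("No credential source found and IMDS is unreachable: "
            "boto3 will raise NoCredentialsError.")

if __name__ == "__main__":
    print(diagnose())
```
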
11-17-2023 12:34 AM
Hi @AClarkson, I understand that you are trying to access AWS Secrets Manager from a shared cluster and are facing issues due to the constraints mentioned in the documentation. Since the instance metadata service (IMDS) is not accessible from the shared cluster, you cannot use the AWS SDK to retrieve temporary security credentials.
However, there are a few workarounds that you can try to access AWS Secrets Manager from a shared cluster:
I hope this helps! Let me know if you have any other questions.
11-17-2023 12:49 AM
Thanks Kaniz for your comprehensive response.
We are going to use the Databricks secrets for the time being.
11-17-2023 12:50 AM
Awesome, Thank you! Happy Learning!