cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forย 
Search instead forย 
Did you mean:ย 
Help
Data Engineering
Join discussions on data engineering best practices, architectures, and optimization strategies within the Databricks Community. Exchange insights and solutions with fellow data engineers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forย 
Search instead forย 
Did you mean:ย 

Allow read access to S3 buckets from one AWS accounts to other AWS accounts.

Go to solution
164079
Contributor II

โ€Ž12-28-2022 06:11 AM

Dear team, 

We have several AWS accounts with S3 buckets, the databricks setup is on our dev AWS account and we would like to allow instance profile to have read permission on all our S3 buckets on the other AWS accounts ( without using bucket policy which require us to add it on any bucket)

I am trying using the assume role but dosent work, getting access denied.

It is working only if i set S3 bucket permissions on my other/remote AWS account bucket policy.

Please advise

Thansks!

1 ACCEPTED SOLUTION

Accepted Solutions

Go to solution
User16255483290
Contributor

โ€Ž12-28-2022 11:09 AM

Can you please share the IAM role policy in the secondary account (Bucket account) ?

Just wanted to know have you tried setting the config in the cluster.

spark.hadoop.fs.s3a.bucket.<s3-bucket-name>.aws.credentials.provider org.apache.hadoop.fs.s3a.auth.AssumedRoleCredentialProvider

spark.hadoop.fs.s3a.bucket.<s3-bucket-name>.assumed.role.arn arn:aws:iam::<bucket-owner-account-id>:role/Master_Role

View solution in original post

2 REPLIES 2

Go to solution
User16255483290
Contributor

โ€Ž12-28-2022 11:09 AM

Can you please share the IAM role policy in the secondary account (Bucket account) ?

Just wanted to know have you tried setting the config in the cluster.

spark.hadoop.fs.s3a.bucket.<s3-bucket-name>.aws.credentials.provider org.apache.hadoop.fs.s3a.auth.AssumedRoleCredentialProvider

spark.hadoop.fs.s3a.bucket.<s3-bucket-name>.assumed.role.arn arn:aws:iam::<bucket-owner-account-id>:role/Master_Role

Go to solution
164079
Contributor II
In response to User16255483290

โ€Ž12-29-2022 12:59 AM

Thank you @D Raj Kumarโ€‹ 

Added it and now its works!

Thanks

0 Kudos
Join 100K+ Data Experts: Register Now & Grow with Us!

Excited to expand your horizons with us? Click here to Register and begin your journey to success!

Already a member? Login and join your local regional user group! If there isn’t one near you, fill out this form and we’ll create one for you to join!

Announcements