cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
Data Engineering
Join discussions on data engineering best practices, architectures, and optimization strategies within the Databricks Community. Exchange insights and solutions with fellow data engineers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Not able to read S3 object through AssumedRoleCredentialProvider

Sweetnesh
New Contributor

‎05-29-2023 04:50 AM

SparkSession spark = SparkSession.builder()

.appName("SparkS3Example")

.master("local[1]")

.getOrCreate();

spark.sparkContext().hadoopConfiguration().set("fs.s3a.access.key", S3_ACCOUNT_KEY);

spark.sparkContext().hadoopConfiguration().set("fs.s3a.secret.key", S3_SECRET_KEY);

spark.sparkContext().hadoopConfiguration().set("fs.s3a.aws.credentials.provider", "org.apache.hadoop.fs.s3a.auth.AssumedRoleCredentialProvider");

spark.sparkContext().hadoopConfiguration().set("fs.s3a.assumed.role.credentials.provider", "org.apache.hadoop.fs.s3a.SimpleAWSCredentialsProvider");

spark.sparkContext().hadoopConfiguration().set("fs.s3a.assumed.role.arn", "arn:aws:iam::000000000000:role/<bucket>");

spark.sparkContext().hadoopConfiguration().set("fs.s3a.assumed.role.sts.endpoint.region", awsRegion);

spark.sparkContext().hadoopConfiguration().set("fs.s3a.assumed.role.session.name", "test");

spark.sparkContext().hadoopConfiguration().set("fs.s3a.assumed.role.sts.endpoint", "sts.ap-southeast-2.amazonaws.com");

spark.sparkContext().hadoopConfiguration().set("fs.s3a.endpoint", "s3.ap-southeast-2.amazonaws.com");

spark.sparkContext().hadoopConfiguration().set("fs.s3a.endpoint.region", awsRegion

Able to get AccessKeyId, SecretAccessKey and SessionToken through AssumedRoleCredentialProvider, but not able to get object from S3, it is throwing 403 AccessDenied exception.

But If I used same AccessKeyId, SecretAccessKey and SessionToken in AWS CLI then able to download using cp command through command prompt.

Expected to access S3 object through AssumedRoleCredentialProvider.

Labels:
0 Kudos
2 REPLIES 2

Debayan
Databricks Employee
Databricks Employee

‎05-30-2023 12:13 AM

Similar thread: https://repost.aws/knowledge-center/s3-troubleshoot-403

0 Kudos

Vartika
Databricks Employee
Databricks Employee

‎05-30-2023 01:52 AM

Hi @Sweetnesh Dholariya​,

Does @Debayan Mukherjee​'s response answer your question? If yes, would you be happy to mark it as best so that other members can find the solution more quickly?

Thanks!

0 Kudos

Connect with Databricks Users in Your Area

Join a Regional User Group to connect with local Databricks users. Events will be happening in your city, and you won’t want to miss the chance to attend and share knowledge.

If there isn’t a group near you, start one and help create a community that brings people together.

Request a New Group
Announcements