cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
Data Engineering
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Not able to read S3 object through AssumedRoleCredentialProvider

Sweetnesh
New Contributor

‎05-29-2023 04:50 AM

SparkSession spark = SparkSession.builder()

.appName("SparkS3Example")

.master("local[1]")

.getOrCreate();

spark.sparkContext().hadoopConfiguration().set("fs.s3a.access.key", S3_ACCOUNT_KEY);

spark.sparkContext().hadoopConfiguration().set("fs.s3a.secret.key", S3_SECRET_KEY);

spark.sparkContext().hadoopConfiguration().set("fs.s3a.aws.credentials.provider", "org.apache.hadoop.fs.s3a.auth.AssumedRoleCredentialProvider");

spark.sparkContext().hadoopConfiguration().set("fs.s3a.assumed.role.credentials.provider", "org.apache.hadoop.fs.s3a.SimpleAWSCredentialsProvider");

spark.sparkContext().hadoopConfiguration().set("fs.s3a.assumed.role.arn", "arn:aws:iam::000000000000:role/<bucket>");

spark.sparkContext().hadoopConfiguration().set("fs.s3a.assumed.role.sts.endpoint.region", awsRegion);

spark.sparkContext().hadoopConfiguration().set("fs.s3a.assumed.role.session.name", "test");

spark.sparkContext().hadoopConfiguration().set("fs.s3a.assumed.role.sts.endpoint", "sts.ap-southeast-2.amazonaws.com");

spark.sparkContext().hadoopConfiguration().set("fs.s3a.endpoint", "s3.ap-southeast-2.amazonaws.com");

spark.sparkContext().hadoopConfiguration().set("fs.s3a.endpoint.region", awsRegion

Able to get AccessKeyId, SecretAccessKey and SessionToken through AssumedRoleCredentialProvider, but not able to get object from S3, it is throwing 403 AccessDenied exception.

But If I used same AccessKeyId, SecretAccessKey and SessionToken in AWS CLI then able to download using cp command through command prompt.

Expected to access S3 object through AssumedRoleCredentialProvider.

Labels:
0 Kudos
2 REPLIES 2

Debayan
Esteemed Contributor III
Esteemed Contributor III

‎05-30-2023 12:13 AM

Similar thread: https://repost.aws/knowledge-center/s3-troubleshoot-403

0 Kudos

Vartika
Moderator
Moderator

‎05-30-2023 01:52 AM

Hi @Sweetnesh Dholariya​,

Does @Debayan Mukherjee​'s response answer your question? If yes, would you be happy to mark it as best so that other members can find the solution more quickly?

Thanks!

0 Kudos
Announcements