Data Engineering

Why is the userIdentity anonymous?

rt-slowth
Contributor

Do you know why the userIdentity is anonymous in AWS CloudTrail's logs even though I have specified an instance profile?

5 REPLIES

CharlesReily
New Contributor III

If you're using AssumeRole to switch roles, make sure that the assumed role session is being used correctly. The Security Token Service (STS) is responsible for issuing temporary security credentials when assuming roles. Ensure that your EC2 instances have been assigned the correct IAM roles with the necessary permissions. AWS CloudTrail logs typically capture the identity of the caller making the API request. If your EC2 instance has the correct IAM role associated with it, CloudTrail should log the identity appropriately.
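
An added example, not part of the reply above and not Databricks or AWS code: a triage over CloudTrail records that separates calls signed with an instance-profile role (type `AssumedRole`, with the issuing role under `sessionContext.sessionIssuer`) from calls logged without credentials. The sample records are constructed, and matching on the `ANONYMOUS_PRINCIPAL` marker is an assumption based on how CloudTrail records unauthenticated S3 requests.

```python
import json
from collections import Counter

# Constructed sample records (not from the thread); account ID, role name and
# instance ID are placeholders.
SAMPLE_TRAIL = json.dumps({"Records": [
    {"eventSource": "s3.amazonaws.com", "eventName": "GetObject",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::111122223333:assumed-role/example-instance-role/i-0123456789abcdef0",
                      "sessionContext": {"sessionIssuer": {
                          "type": "Role",
                          "arn": "arn:aws:iam::111122223333:role/example-instance-role"}}}},
    {"eventSource": "s3.amazonaws.com", "eventName": "GetObject", "errorCode": "AccessDenied",
     "userIdentity": {"type": "AWSAccount", "principalId": "", "accountId": "ANONYMOUS_PRINCIPAL"}},
    {"eventSource": "s3.amazonaws.com", "eventName": "ListObjects",
     "userIdentity": {"type": "AWSAccount", "principalId": "", "accountId": "ANONYMOUS_PRINCIPAL"}},
]})

def caller_of(record):
    """Return (kind, principal ARN or None) for one CloudTrail record."""
    ident = record.get("userIdentity") or {}
    # Assumption: an unsigned request carries an "anonymous" marker in one of these fields.
    markers = (ident.get("accountId", ""), ident.get("principalId", ""), ident.get("userName", ""))
    if not ident or any("anonymous" in str(m).lower() for m in markers):
        return "anonymous", None
    if ident.get("type") == "AssumedRole":
        # For instance-profile credentials the issuing IAM role is the useful name.
        issuer = ident.get("sessionContext", {}).get("sessionIssuer", {})
        return "role", issuer.get("arn") or ident.get("arn")
    return ident.get("type", "unknown"), ident.get("arn")

def triage(trail_json):
    """Count calls per caller kind and list the anonymous ones with their outcome."""
    kinds, anonymous_calls = Counter(), []
    for rec in json.loads(trail_json).get("Records", []):
        kind, _principal = caller_of(rec)
        kinds[kind] += 1
        if kind == "anonymous":
            anonymous_calls.append(
                (rec.get("eventSource"), rec.get("eventName"), rec.get("errorCode", "ok")))
    return kinds, anonymous_calls

if __name__ == "__main__":
    kinds, anon = triage(SAMPLE_TRAIL)
    print(dict(kinds))
    for source, name, outcome in anon:
        print(f"unsigned call: {source} {name} -> {outcome}")
```

Anonymous entries that sit next to role-signed calls from the same workload suggest that one code path is not picking up the instance-profile credentials, rather than that the role itself lacks permissions.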

@Retired_mod @CharlesReily 

Directory listing mode is supported by default. File notification mode is only supported on single user clusters.

 
I was trying to use File Notification Mode in DLT and encountered the above problem...

I tried with "Single User" cluster, but still getting error "org.apache.spark.sql.streaming.StreamingQueryException: [STREAM_FAILED] Query [id = 55e0cb16-5e12-444d-a132-a24b999e2e4a, runId = 3ae637bb-847a-472b-a133-64b58ccb35cb] terminated with exception: User: anonymous is not authorized to perform: sqs:receivemessage on resource: arn:aws:sqs:us-east-1:4".

Used "data_security_mode":"SINGLE_USER" in the cluster policy. Am I missing anything?

@Babu_Krishnan 

As far as I know, pipelines created with Shared Cluster and Delta Live Table are not in File notification mode.
Since Delta Live Table is a Shared Cluster by default.
Before that, how is your AWS IAM role set up?
If you can share your cluster configuration and the code that performs the readStream, I'll see what I can do.

@rt-slowth, thanks for the reply. IAM role should be fine (with all the required permissions) since it was perfectly working with DLT without UC. We are seeing this failure when we are migrating the existing DLT to Unity Catalog. FYI, I am able to run the pipeline with "Directory listing" mode; I see this SQS permission error only when we use the file notification mode.
