cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forย 
Search instead forย 
Did you mean:ย 
Help
Data Engineering
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forย 
Search instead forย 
Did you mean:ย 

why the userIdentity is anonymous?

rt-slowth
Contributor

โ€Ž01-15-2024 12:07 AM

Do you know why the userIdentity is anonymous in AWS Cloudtail's logs even though I have specified an instance profile?

Labels:
0 Kudos
6 REPLIES 6

CharlesReily
New Contributor III

โ€Ž01-15-2024 02:09 AM

If you're using AssumeRole to switch roles, make sure that the assumed role session is being used correctly. The Security Token Service (STS) is responsible for issuing temporary security credentials when assuming roles. Ensure that your EC2 instances have been assigned the correct IAM roles with the necessary permissions. AWS CloudTrail logs typically capture the identity of the caller making the API request. If your EC2 instance has the correct IAM role associated with it, CloudTrail should log the identity appropriately.

0 Kudos

rt-slowth
Contributor
In response to CharlesReily

โ€Ž01-25-2024 04:10 PM

@Kaniz @CharlesReily 

Directory listing mode is supported by default. File notification mode is only supported on single user clusters.

 
I was trying to use File Notification Mode in DLT and encountered the above problem...
0 Kudos

Babu_Krishnan
New Contributor III
In response to rt-slowth

a week ago

I tried with "Single User" cluster, but still getting error "org.apache.spark.sql.streaming.StreamingQueryException: [STREAM_FAILED] Query [id = 55e0cb16-5e12-444d-a132-a24b999e2e4a, runId = 3ae637bb-847a-472b-a133-64b58ccb35cb] terminated with exception: User: anonymous is not authorized to perform: sqs:receivemessage on resource: arn:aws:sqs:us-east-1:4".

Used "data_security_mode":"SINGLE_USER" in Cluste policy. Am I missing anything ?

0 Kudos

rt-slowth
Contributor
In response to Babu_Krishnan

a week ago

@Babu_Krishnan 

As far as I know, pipelines created with Shared Cluster and Delta Live Table are not in File notification mode.
Since Delta Live Table is a Shared Cluster by default.
Before that, how is your AWS IAM role set up?
If you can share your cluster configuration and the code that performs the readStream, I'll see what I can do.

0 Kudos

Babu_Krishnan
New Contributor III
In response to rt-slowth

a week ago

@rt-slowth ,  Thanks for the reply. IAM role should be fine (with all the required permissions) since it was perfectly working with DLT without UC. We are seeing this failure when we are migrating. the existing DLT to Unity Catalog. FYI , I am able run the pipeline with "Direcltory listing" mode, I see this SQS permission error only when we use the file notification mode.

Babu_Krishnan_0-1714616743848.png

Babu_Krishnan_1-1714616817428.png

 

 

0 Kudos

Kaniz
Community Manager
Community Manager

โ€Ž01-18-2024 01:27 AM

Thank you for posting your question in our community! We are happy to assist you.

To help us provide you with the most accurate information, could you please take a moment to review the responses and select the one that best answers your question?

This will also help other community members who may have similar questions in the future. Thank you for your participation and let us know if you need any further assistance! 
 

0 Kudos
Announcements
Welcome to Databricks Community: Lets learn, network and celebrate together

Join our fast-growing data practitioner and expert community of 80K+ members, ready to discover, help and collaborate together while making meaningful connections. 

Click here to register and join today! 

Engage in exciting technical discussions, join a group with your peers and meet our Featured Members.