With Astronomer Enterprise, you have additional options for providing specific IAM roles to specific pods running Airflow.If Airflow is running outside of AWS (on-prem), then access key is likely requiredĪstronomer Enterprise - Additional options for IAM on EKS.Default role can be overwritten by providing an access key / secret access key in the AWS connection setup.If Airflow is running on EKS, the default role is the roll attached to the EC2 nodes that EKS is running on.
If Airflow is running on standard AWS infrastructure (EC2), the default role is the roll attached to the EC2 instance running airflow.Which IAM Role does Airflow Run as before assuming a role? In the resource field, put the role ARNs for cross account roles created in step 1.Attach an IAM policy granting permissions to assume role.Find the IAM role that airflow will be running as.Attach an IAM policy to the role granting appropriate permissions.Create a cross account role with the account ID of the DS Shared Account.In both AWS-Account-1 and AWS-Account-2.
Airflow aws how to#
How to write DAGs that span multiple AWS Accounts Why are companies writing DAGs that span multiple AWS Accounts?
0 kommentar(er)
