Issue with AWS Credentials in Airbyte on EKS

slack-user-airbyte · December 12, 2024, 2:57pm

Summary

User is facing AWS credentials loading issues while running Airbyte on EKS. The job fails due to the usage of the default service account instead of the correctly annotated airbyte-admin service account for AWS access.

Question

Hey everyone,
I’m running Airbyte 1.3.0 on EKS 1.31 and trying to set up a connection with Microsoft Entra. But I’m hitting an issue where the job keeps failing with this error:

Exception in thread "Thread-0" software.amazon.awssdk.core.exception.SdkClientException: Unable to load credentials from any of the providers in the chain AwsCredentialsProviderChain(credentialsProviders=[SystemPropertyCredentialsProvider(), EnvironmentVariableCredentialsProvider(), WebIdentityTokenCredentialsProvider(), ProfileCredentialsProvider(profileName=default, profileFile=ProfileFile(sections=[])), ContainerCredentialsProvider(), InstanceProfileCredentialsProvider()]) : [SystemPropertyCredentialsProvider(): Unable to load credentials from system settings. Access key must be specified either via environment variable (AWS_ACCESS_KEY_ID) or system property (aws.accessKeyId)., EnvironmentVariableCredentialsProvider(): Unable to load credentials from system settings. Access key must be specified either via environment variable (AWS_ACCESS_KEY_ID) or system property (aws.accessKeyId)., WebIdentityTokenCredentialsProvider(): Either the environment variable AWS_WEB_IDENTITY_TOKEN_FILE or the javaproperty aws.webIdentityTokenFile must be set., ProfileCredentialsProvider(profileName=default, profileFile=ProfileFile(sections=[])): Profile file contained no credentials for profile 'default': ProfileFile(sections=[]), ContainerCredentialsProvider(): Cannot fetch credentials from container - neither AWS_CONTAINER_CREDENTIALS_FULL_URI or AWS_CONTAINER_CREDENTIALS_RELATIVE_URI environment variables are set., InstanceProfileCredentialsProvider(): Failed to load credentials from IMDS.]
It seems like the issue is related to the service account. The failing job is using the default service account, which isn’t annotated. I did annotate the airbyte-admin service account with an IAM role that grants the required AWS access.
Is there a way to ensure the job runs with the airbyte-admin service account instead of default?
Thanks in advance!

This topic has been created from a Slack thread to give it more visibility.
It will be on Read-Only mode here. Click here if you want
to access the original thread.

Join the conversation on Slack

_{['airbyte', 'aws-credentials', 'eks', 'service-account', 'iam-role']}

Topic		Replies	Views
Using EKS pod identity with Kubernetes Airbyte deployment Connector Questions kubernetes , airbyte , connector , question , aws-credentials	0	108	August 23, 2024
Struggling with S3 configuration for state & logging using instanceProfile authentication Platform Questions platform , error-message , question , s3-configuration , aws-credentials	3	229	September 8, 2024
Issue with deploying through Helm on AWS EKS due to AWS credentials error Platform Questions helm , bug , aws-eks , aws-credentials , authentication-type	14	177	September 11, 2024
Issue with AWS credentials when adding a destination with a secret in Airbyte on EKS Platform Questions airbyte , aws-secrets-manager , destination , eks , aws-credentials	1	17	October 17, 2024
Issue with S3 credentials configuration in Airbyte deployment Platform Questions platform , helm , question , airbyte-deployment , s3-credentials	11	32	November 21, 2024

Issue with AWS Credentials in Airbyte on EKS

Summary

Question

Related topics