Issue with AWS Credentials in Airbyte on EKS

Summary

User is facing AWS credentials loading issues while running Airbyte on EKS. The job fails due to the usage of the default service account instead of the correctly annotated airbyte-admin service account for AWS access.


Question

Hey everyone,
I’m running Airbyte 1.3.0 on EKS 1.31 and trying to set up a connection with Microsoft Entra. But I’m hitting an issue where the job keeps failing with this error:

Exception in thread "Thread-0" software.amazon.awssdk.core.exception.SdkClientException: Unable to load credentials from any of the providers in the chain AwsCredentialsProviderChain(credentialsProviders=[SystemPropertyCredentialsProvider(), EnvironmentVariableCredentialsProvider(), WebIdentityTokenCredentialsProvider(), ProfileCredentialsProvider(profileName=default, profileFile=ProfileFile(sections=[])), ContainerCredentialsProvider(), InstanceProfileCredentialsProvider()]) : [SystemPropertyCredentialsProvider(): Unable to load credentials from system settings. Access key must be specified either via environment variable (AWS_ACCESS_KEY_ID) or system property (aws.accessKeyId)., EnvironmentVariableCredentialsProvider(): Unable to load credentials from system settings. Access key must be specified either via environment variable (AWS_ACCESS_KEY_ID) or system property (aws.accessKeyId)., WebIdentityTokenCredentialsProvider(): Either the environment variable AWS_WEB_IDENTITY_TOKEN_FILE or the javaproperty aws.webIdentityTokenFile must be set., ProfileCredentialsProvider(profileName=default, profileFile=ProfileFile(sections=[])): Profile file contained no credentials for profile 'default': ProfileFile(sections=[]), ContainerCredentialsProvider(): Cannot fetch credentials from container - neither AWS_CONTAINER_CREDENTIALS_FULL_URI or AWS_CONTAINER_CREDENTIALS_RELATIVE_URI environment variables are set., InstanceProfileCredentialsProvider(): Failed to load credentials from IMDS.]
It seems like the issue is related to the service account. The failing job is using the default service account, which isn’t annotated. I did annotate the airbyte-admin service account with an IAM role that grants the required AWS access.
Is there a way to ensure the job runs with the airbyte-admin service account instead of default?
Thanks in advance!



This topic has been created from a Slack thread to give it more visibility.
It will be on Read-Only mode here. Click here if you want
to access the original thread.

Join the conversation on Slack

['airbyte', 'aws-credentials', 'eks', 'service-account', 'iam-role']