apache / iceberg

Apache Iceberg
https://iceberg.apache.org/
Apache License 2.0

s3:DeleteObject giving because no session policy allows the s3:DeleteObject action #11153

Open apareekkhoros opened 1 month ago

apareekkhoros commented 1 month ago

Query engine

No response

Question

I am using Iceberg with Flink on AWS. I keep getting the error below:

AccessDenied: bf4a3c0f5d241f5f59a2dae4dd4dc61b-642760139656-1717669206233/: User: arn:aws:sts::340686679554:assumed-role/AWSKinesisAnalyticsKubern-S3CustomerAppStateAccess-1DK4LG9JOK6RM/FlinkApplicationStateSession is not authorized to perform: s3:DeleteObject on resource: \"arn:aws:s3:::7bfe006b0420e57867507672221ef03fd067eaa6/bf4a3c0f5d241f5f59a2dae4dd4dc61b-642760139656-1717669206233/\" because no session policy allows the s3:DeleteObject action\n

I cannot find the above role/bucket in my account, so I am unsure why I keep getting this error.

My IAM role already allows S3 delete object on the Iceberg bucket, but the above bucket is something weird.

apareekkhoros commented 1 month ago

1.11 1.20.0 1.6.1 3.3.6

steveloughran commented 2 weeks ago

This is Kinesis-related; nothing to do with Iceberg.

apareekkhoros commented 2 weeks ago

Hey @steveloughran, thanks for the reply. Why do you say it's Kinesis-related? Isn't Iceberg the one responsible for deleting files? Can you pls assist or direct me to documentation around it?
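
A triage helper for the AccessDenied message quoted in the question, added here as an example and not part of the original thread or of Iceberg: it extracts the principal's account, role, session name and the policy type AWS names as the cause, and checks whether the principal lives in your own account. The function name `triage`, the hint texts and the account ID `111122223333` are assumptions for illustration.

```python
import re

# Constructed from the message quoted in the question (log escapes kept).
SAMPLE = (r'User: arn:aws:sts::340686679554:assumed-role/'
          r'AWSKinesisAnalyticsKubern-S3CustomerAppStateAccess-1DK4LG9JOK6RM/'
          r'FlinkApplicationStateSession is not authorized to perform: s3:DeleteObject '
          r'on resource: \"arn:aws:s3:::7bfe006b0420e57867507672221ef03fd067eaa6/'
          r'bf4a3c0f5d241f5f59a2dae4dd4dc61b-642760139656-1717669206233/\" '
          r'because no session policy allows the s3:DeleteObject action')

DENIED = re.compile(
    r'User: (?P<principal>arn:aws[\w-]*:(?:sts|iam)::(?P<account>\d{12}):\S+) '
    r'is not authorized to perform: (?P<action>[\w-]+:\w+) '
    r'on resource: \\?"?(?P<resource>arn:[^"\\\s]+)\\?"? '
    r'(?:because no (?P<implicit>[\w -]+?) allows'
    r'|with an explicit deny in an? (?P<explicit>[\w -]+))')

# What each policy type named in the message means for where the fix lives.
HINTS = {
    'session policy': 'permissions were narrowed by a policy passed when the '
                      'session was created; editing the role cannot widen them',
    'identity-based policy': 'the principal has no Allow for this action',
    'resource-based policy': 'the resource policy does not allow this principal',
    'permissions boundary': 'the boundary attached to the principal caps it',
    'service control policy': 'an organization SCP blocks the action',
}

def triage(message, own_account):
    """Parse an IAM AccessDenied message; return None if it does not match."""
    m = DENIED.search(message)
    if m is None:
        return None
    # arn:partition:service:region:account:resource -> keep the resource part
    parts = m['principal'].split(':', 5)[5].split('/')
    assumed = parts[0] == 'assumed-role'
    policy = (m['implicit'] or m['explicit']).strip()
    return {
        'account': m['account'],
        'in_own_account': m['account'] == own_account,
        'role': parts[1] if assumed else None,
        'session': parts[2] if assumed and len(parts) > 2 else None,
        'action': m['action'],
        'resource': m['resource'],
        'policy_type': policy,
        'explicit_deny': m['explicit'] is not None,
        'hint': HINTS.get(policy, 'unrecognized policy type'),
    }

if __name__ == '__main__':
    # 111122223333 is a placeholder for your own account ID (assumption).
    for key, value in triage(SAMPLE, own_account='111122223333').items():
        print(f'{key}: {value}')
```
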