Open maxneuvians opened 3 years ago
Added this, but the fargate pods are not inheriting an IAM role. We may need an EKS service account in that case
We were able to add a fargate profile and service account so that the pods have all the access they need. However, because celery 3.26 uses boto
and not boto3
it is not able to load the dynamic credentials that are injected into the container. boto3
has the ability to do this (https://boto3.amazonaws.com/v1/documentation/api/latest/guide/credentials.html#assume-role-with-web-identity-provider) but boto
does not. We will need to upgrade celery before we can use this dynamic scaling.
The other solution is to use IAM credentials from a static IAM user
We should look into using https://docs.aws.amazon.com/eks/latest/userguide/fargate-getting-started.html for the celery worker pods to make them more elastic.