ptrhck opened a new issue #17190:
URL: https://github.com/apache/airflow/issues/17190


   **Apache Airflow version**: 2.1.2
   
   **Environment**:
   
   - **Cloud provider or hardware configuration**: AWS ECS Fargate
   
   **What happened**:
   
   I have made an update from 2.0.1 to 2.1.2, and fetching the logs from s3 fails suddenly:
   `An error occurred (AccessDenied) when calling the AssumeRole operation: User: arn:aws:sts::111111111:assumed-role/airflow-ecs-task-role/cfdjkal342nk432hvbkjl34 is not authorized to perform: sts:AssumeRole on resource: arn:aws:iam::111111111:role/airflow-ecs-task-role`
   
   I am wondering why the ecs task itself is not able to assume its own role? Isn't that what it basically means?
   
   **What you expected to happen**:
   
   Getting the logs from remote s3 as before.
   
   **Anything else we need to know**:
   All Fargate tasks (webserver, scheduler, worker) are getting the following environment variables. I have followed [this](https://airflow.apache.org/docs/apache-airflow/stable/howto/connection.html#generating-a-connection-uri) approach to generate the connection URI.
   ```
   - Name: AIRFLOW_CONN_LOGS_S3
     Value: !Sub 's3://s3?aws_account_id=111111111&role_arn=arn%3Aaws%3Aiam%3A%3A919107267526%3Arole%2Fairflow-ecs-task-role'
   - Name: AIRFLOW__LOGGING__REMOTE_LOGGING
     Value: 'true'
   - Name: AIRFLOW__LOGGING__REMOTE_BASE_LOG_FOLDER
     Value: !Sub "s3://nefino-airflow-${Stage}-logs/"
   - Name: AIRFLOW__LOGGING__REMOTE_LOG_CONN_ID
     Value: logs_s3
   - Name: AIRFLOW__LOGGING__ENCRYPT_S3_LOGS
     Value: 'false'
   ```
   How often does this problem occur? Once? Every time etc?
   
   Any relevant logs to include? Put them here inside a detail tag:
   ```
   *** Failed to verify remote log exists s3://bucket/dag/dag/2021-07-23T11:37:30.860418+00:00/1.log.
   An error occurred (AccessDenied) when calling the AssumeRole operation: User: arn:aws:sts::111111111:assumed-role/airflow-ecs-task-role/cfdjkal342nk432hvbkjl34 is not authorized to perform: sts:AssumeRole on resource: arn:aws:iam::111111111:role/airflow-ecs-task-role
   *** Falling back to local log
   *** Log file does not exist:
   ```
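
A diagnostic sketch for the configuration above, added here as an example and not part of the original issue or of Airflow's code: it decodes the `AIRFLOW_CONN_LOGS_S3` URI and compares its `role_arn` extra with the caller identity quoted in the error. The function names and the returned keys are hypothetical; the URI and ARN are copied from the issue as the reporter redacted them.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Values copied from the issue text (account IDs as redacted by the reporter).
CONN_URI = ("s3://s3?aws_account_id=111111111&role_arn="
            "arn%3Aaws%3Aiam%3A%3A919107267526%3Arole%2Fairflow-ecs-task-role")
CALLER_ARN = ("arn:aws:sts::111111111:assumed-role/"
              "airflow-ecs-task-role/cfdjkal342nk432hvbkjl34")

ROLE_RE = re.compile(r"^arn:aws[\w-]*:iam::(\d+):role/(.+)$")
SESSION_RE = re.compile(r"^arn:aws[\w-]*:sts::(\d+):assumed-role/([^/]+)/.+$")


def conn_extras(uri):
    """Return the percent-decoded query parameters of a connection URI."""
    return {k: v[0] for k, v in parse_qs(urlsplit(uri).query).items()}


def check_assume_role(uri, caller_arn):
    """Compare the connection's role_arn with the identity making the call.

    Returns None when the connection requests no role, otherwise a dict of
    observations (hypothetical keys chosen for this example).
    """
    extras = conn_extras(uri)
    role_arn = extras.get("role_arn")
    if role_arn is None:
        return None
    role = ROLE_RE.match(role_arn)
    if role is None:
        raise ValueError(f"role_arn is not an IAM role ARN: {role_arn}")
    role_account, role_path = role.groups()
    role_name = role_path.rsplit("/", 1)[-1]  # drop any IAM path prefix
    session = SESSION_RE.match(caller_arn)
    return {
        "role_arn": role_arn,
        # aws_account_id extra disagrees with the account inside role_arn
        "account_mismatch": extras.get("aws_account_id") not in (None, role_account),
        # the caller is already a session of a role with this name
        "same_role_name": bool(session) and session.group(2) == role_name,
    }


if __name__ == "__main__":
    print(check_assume_role(CONN_URI, CALLER_ARN))
```
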
   

