This is an automated email from the ASF dual-hosted git repository.
eladkal pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/airflow.git
The following commit(s) were added to refs/heads/main by this push:
new 25543846b8 docs: List permissions required to use S3 logging (#36736)
25543846b8 is described below
commit 25543846b89e294fd346ac747c8ede490d685066
Author: Alex Grounds <[email protected]>
AuthorDate: Thu Jan 11 11:42:51 2024 -0600
docs: List permissions required to use S3 logging (#36736)
* List permissions required to use S3 logging
* Use double backticks
---------
Co-authored-by: Alex Grounds <[email protected]>
---
docs/apache-airflow-providers-amazon/logging/s3-task-handler.rst | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/docs/apache-airflow-providers-amazon/logging/s3-task-handler.rst
b/docs/apache-airflow-providers-amazon/logging/s3-task-handler.rst
index ca1b58abb5..f340f82cbc 100644
--- a/docs/apache-airflow-providers-amazon/logging/s3-task-handler.rst
+++ b/docs/apache-airflow-providers-amazon/logging/s3-task-handler.rst
@@ -77,6 +77,12 @@ Example with sample inputs
eksctl create iamserviceaccount --cluster=airflow-eks-cluster
--name=airflow-sa --namespace=airflow
--attach-policy-arn=arn:aws:iam::aws:policy/AmazonS3FullAccess --approve
+If you create your own IAM policy (as is strongly recommended), it should
include the following permissions.
+
+- ``s3:ListBucket`` (for the S3 bucket to which logs are written)
+- ``s3:GetObject`` (for all objects in the prefix under which logs are written)
+- ``s3:PutObject`` (for all objects in the prefix under which logs are written)
+
Step2: Update Helm Chart values.yaml with Service Account
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
