dataall
dataall copied to clipboard
data-dot-all
Dataset import does not work
Describe the bug
Found a bug while testing 2.4
While creating a new imported dataset I am seeing this error:
Data.all Environment Pivot Role does not have s3:GetEncryptionConfiguration Permission for may2-imported bucket: An error occurred (AccessDenied) when calling the GetBucketEncryption operation: Access Denied
I also checked documentation to see if we’ve added any new instructions to import datasets, but couldn’t find anything relevant there.
How to Reproduce
- Try to import a dataset in data.all with KMS key encryption by specifying kms key in the UI during import.
- Import dataset with normal S3 encryption by leaving kms key field blank in UI during dataset import.
Expected behavior
Should not be seeing the error and import should work without any changes.
Your project
No response
Screenshots
No response
OS
Mac
Python version
3.9
AWS data.all version
2.4
Additional context
No response
This is related to https://github.com/data-dot-all/dataall/pull/883/files My pivot role is missing s3:GetEncryptionConfiguration
After some offline discussion it was determined that the missing permissions was due to using an older version of the CloudFormation-based pivotRole.yaml to create the pivotRole IAM Role and the associated policies.
After updating to using the latest pivotRole.yaml or switching to enableAutoCreatePivotRole to true in SSM Parameter Store, the s3:GetEncryptionConfiguration permission is properly added to the pivotRole
As an enhancement we can remove the dependency for SSM Parameter store to be configured appropriately for local deployments to make level dev experience more straightforward. Closing this issue as the developer experience enhancement(s) issue is already tracked at https://github.com/data-dot-all/dataall/issues/1180
@anushka-singh please do not hesitate to reach out or re-open this issue if anything is missed in the above
