Grant Spark cluster instances access to prod pipeline S3 storage

RESOLVED FIXED

Status

Cloud Services
Metrics: Pipeline
RESOLVED FIXED
3 years ago
3 years ago

People

(Reporter: rvitillo, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

We would like to grant Spark clusters, fired up from the self service analysis dashboard, read+list access to v4 telemetry submissions on top of its current access to telemetry-published-v2 bucket for v2 telemetry submission.

Having access to both v2 and v4 submissions within the same Spark cluster is going to be useful to validate the new v4 data.

The current role for Spark clusters, "telemetry-spark-emr", is defined in the old moz-svc-dev IAM.
(Reporter)

Updated

3 years ago
Flags: needinfo?(whd)
(Reporter)

Updated

3 years ago
Blocks: 1125451

Comment 1

3 years ago
Role ARN: arn:aws:iam::142069644989:role/pipeline-old-dev-iam-access-IamRole-VKIYZT5FHCN9
Instance Profile ARN: arn:aws:iam::142069644989:instance-profile/pipeline-old-dev-iam-access-IamInstanceProfile-UIBIRWX6SLKP

I've updated the prod IAM permissions to allow read access from old dev, and copied the CFN defining an example IAM role to new dev. You should either be able to use the above instance profile or create your own.
Status: NEW → RESOLVED
Last Resolved: 3 years ago
Flags: needinfo?(whd)
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.