Bring your towel and join one of the fastest growing data communities. Welcome to our second-generation open source orchestration platform, a completely rethought approach to dataflow automation.

Prefect Community

Hi everyone. I have a flow running on ECS. The flow needs to write data to an s3 bucket that is in a different account. I was using AWS keys in a Credential block and the S3 block but they want to deprecate the keys and use roles instead.
They AWS admin apparently granted permission to the task execution role to access s3 in the other account. However, I tried using the s3 block without a credential block associated and am getting `Task run encountered an exception: botocore.exceptions.NoCredentialsError: Unable to locate credentials`
Is it possible to use the S3 Block/Credential block to assume a specific role?

I’m not sure if this would work, but you can try creating an empty credentials block - they would be `None` since you would create it empty, but if the role truly has permissions via IAM, then that should be irrelevant I think?

That's what I tried. It did not work. From what I have been reading, I need to assume the role explicitly. Not sure.

I’ll take a look at the collection and see if this is possible - this seems like if it isn’t , it should be allowed?