Hi, I’m running into the following permission error trying to run a flow on Prefect 2 using the ECS Worker with a service account API key scoped to a “Worker” role:

Crash detected! Execution was interrupted by an unexpected exception: PrefectHTTPStatusError: Client error '403 Forbidden' for url '<https://api.prefect.cloud/api/accounts/.../workspaces/.../block_documents/>'
Response: {'detail': 'Forbidden'}
For more information check: <https://httpstatuses.com/403>

I thought the URL path was referring to Block permissions, which the role seems to have. Do I need to give the ECS worker the “Developer” role to run flows? What is the

/block_documents/

endpoint fetching?

I ran into this same issue. Thanks for posting your solution!

can someone explain why this is happening? thanks for posting the solution, it worked for us - but i don’t like the fact i can’t use a more limited role (to prevent havoc or abuse) for the agent/worker service account

^ bumping this thread for Prefect team visibility 🙏 I would also like to limit the role’s permission scope

i think issues here are largely ignored, unless reported via github