Why can't I get to the UI for AWS Airflow using webtoken?

Question

In AWS Console, I did the following:

Created an S3 bucket & key: s3://my-airflow and s3://my-airflow/dags
Setup an Airflow Environment.
Created and attached a Service role as described here: https://docs.aws.amazon.com/mwaa/latest/userguide/mwaa-create-role.html
Attached a Policy to allow my user to generate a token like this:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "airflow:CreateWebLoginToken",
            "Resource": [
                "arn::airflow:us-west-2:<accountID>:role/myAirflowEnv/Admin"
            ]
        }
    ]
}

Then using the cli I requested the token like this:

aws mwaa create-web-login-token --name myAirflowEnv --region us-west-2

It worked and returned a webToken 6. I then piece-mealed together the ui link as suggested (within 60 sec):

https://{generated0-uuid}-vpce.c0.us-west-2.airflow.amazonaws.com/aws_mwaa/aws-console-sso?login=true#{webToken}

and pasted it in my browser.

ISSUE: The page just spins, timesout, nothing.

AWS, what is the secret?

score 0 · Answer 1 · answered Jan 22 '21 at 17:43

0

I figured out what the issue is... In my case, the Webserver is not in the in a Public Subnet Group.

Note: There is no need to call the CLI tool, there is a popout link in the AWS console to go to the UI.

answered Jan 22 '21 at 17:43

cosbor11

14,709
10
54
69

Why can't I get to the UI for AWS Airflow using webtoken?

1 Answers1

Linked