I have created an MWAA Cluster using terraform. I am trying to import variables using curl command. But it fails with an 403 Exception

Question

I have created an MWAA Cluster using terraform. I am trying to import variables using the curl command. But it fails with a 403 Exception. Airflow Version: v1.10.12 Exception:

You don't have the permission to access the requested resource. It is either read-protected or not readable by the server.

Script used:

    interpreter = ["/bin/bash", "-c"]
    command = <<EOF
    export MWAA_ENVIRONMENT=${var.mwaa_name}
    OP=$(aws mwaa create-cli-token --name $MWAA_ENVIRONMENT)
    CLI_TOKEN=$(echo $OP | jq -r '.CliToken')
      curl -s --request POST "https://test/aws_mwaa/cli" \
     --header "Authorization: Bearer $CLI_TOKEN" \
     --header "Content-Type: text/plain" \
     --data-raw "variables -s $key $value"
EOF

Answer 1

This python script is allowing me to upload a sinlge variable to mwaa instance but If I pass nested json as a input text it's giving me 500 error.

val = (key + " " + str(json_dictionary[key]))
        mwaa_auth_token = 'Bearer ' + mwaa_cli_token['CliToken']
        mwaa_webserver_hostname = 'https://{0}/aws_mwaa/cli'.format(mwaa_cli_token['WebServerHostname'])
        raw_data = f"variables set export -v js.json"
        mwaa_response = requests.post(
            mwaa_webserver_hostname,
            headers={
                'Authorization': mwaa_auth_token,
                'Content-Type': 'text/plain'
                },
            data=raw_data
            )

Full script is available here

Answer 2

In order to use MWAA CLI you need to make sure you are following these prerequisites

• AWS account access in AWS Identity and Access Management (IAM) to the Amazon MWAA permissions policy in Apache Airflow UI access policy: AmazonMWAAWebServerAccess.

• AWS account access in AWS Identity and Access Management (IAM) to the Amazon MWAA permissions policy Full API and console access policy: AmazonMWAAFullApiAccess.