S3fs-fuse: "No AWSAccessKey was presented" Using iam_role

Created on 2 Apr 2018  路  7Comments  路  Source: s3fs-fuse/s3fs-fuse

< HTTP/1.1 403 Forbidden
< x-amz-bucket-region: us-east-2
< x-amz-request-id: 17A9FBA30B0EC2C3
< x-amz-id-2: UUoQ4rWX2WGMbw4lA1S6TNlUUrQSxCM1PxFtms5LSefBBoInBoBgYhnDeDfdEfEqGHHBT0q9T30=
< Content-Type: application/xml
< Transfer-Encoding: chunked
< Date: Mon, 02 Apr 2018 19:08:23 GMT
< Server: AmazonS3
< 
* Connection #2 to host s3testnospacesinnowatts.s3.us-east-2.amazonaws.com left intact
[INF]       curl.cpp:RequestPerform(2066): HTTP response code 403 was returned, returning EPERM
[ERR] curl.cpp:CheckBucket(3094): Check bucket failed, S3 response: <?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>No AWSAccessKey was presented.</Message><RequestId>17A9FBA30B0EC2C3</RequestId><HostId>UUoQ4rWX2WGMbw4lA1S6TNlUUrQSxCM1PxFtms5LSefBBoInBoBgYhnDeDfdEfEqGHHBT0q9T30=</HostId></Error>
[CRT] s3fs.cpp:s3fs_check_service(3807): invalid credentials(host=https://s3.amazonaws.com) - result of checking service.
[ERR] s3fs.cpp:s3fs_exit_fuseloop(3365): Exiting FUSE event loop due to errors

[INF] s3fs.cpp:s3fs_destroy(3438): destroy
[WAN] s3fs.cpp:s3fs_destroy(3442): Could not release curl library.

Additional Information

_The following information is very important in order to help us to help you. Omission of the following details may delay your support request or receive no attention at all._

Version of s3fs being used (s3fs --version)

Amazon Simple Storage Service File System V1.83

Version of fuse being used (pkg-config --modversion fuse)

2.9.4

System information (uname -r)

4.9.81-35.56.amzn1.x86_64

Distro (cat /etc/issue)

Amazon Linux AMI release 2017.09

s3fs command line used (if applicable)

s3fs <bucket_name> /mnt/test_mount -o allow_other -f -o dbglevel=info -o curldbg -o iam_role="auto"

Details about issue

Will not allow me to mount the s3 bucket. The IAM role I am referencing has full access to s3. Not sure why the command is telling me that there are no credentials being presented.

Most helpful comment

Actually it works if I specify the url to s3

-o url="https://s3-eu-west-1.amazonaws.com"

All 7 comments

I have the same issue with exactly same versions.

I also verified with aws s3 cli that I can access the bucket.

Actually it works if I specify the url to s3

-o url="https://s3-eu-west-1.amazonaws.com"

You beat me to it. Was going to post the same suggestion.

It appears this issue has a workaround. Please reopen if my understanding is incorrect.

For reference, this still seems to be an issue with v1.87 (on EPEL).

Two buckets succeed in mounting:

iea-shared-bckt-gnplng-stcv4-prd

Two do not:

iea-dev-gnplng-dt-dv-r-st-dv-cm-temp-secrets

The instance role has the AWS-provided AmazonS3FullAccess policy attached.

The listed workaround works, but it's still an odd one.

Same happened to me too. Specifying the URL to s3 also solved the issue for me.

same here, added -o url="https://s3-$EC2_REGION.amazonaws.com" to avoid the error message

whole line: s3fs -o iam_role='auto' -o use_cache=/tmp/s3fs share /opt/share/ -o _netdev -o allow_other -o iam_role=auto -o parallel_count=15 -o dbglevel=info -o multipart_size=128 -o curldbg -o url="https://s3-$EC2_REGION.amazonaws.com"

Was this page helpful?
0 / 5 - 0 ratings

Related issues

LouNik1984 picture LouNik1984  路  4Comments

mayying picture mayying  路  9Comments

lucheng1 picture lucheng1  路  3Comments

qspencer picture qspencer  路  6Comments

JamesB7 picture JamesB7  路  3Comments