Working fine yesterday, but today I am getting 403 on all the requests sent to the S3 gateway.
Just to check, I created new S3 Credentials with all permissions for all buckets in my account in region EU1, but I still get “403 Forbidden” for all the request, whether to list buckets (listBuckets), check if a bucket exists (headBucket) or list objects in a bucket (listObjects).
The gateway seems to respond correctly to health checks:
@Yaluba a couple questions to help me better understand what the issue could be:
can you confirm if you are able to view objects from the satellite web UI?
could you privately share your EU1 account email address with me? Either via a DM on this platform, or in an email to moby@storj.io - this will allow me to check our database to see if there is anything there which could indicate a problem
Another thing you could try is generate an access grant in the satellite UI, and try to use this with uplink, e.g. with the following steps:
uplink access import jan5accesstest <access from UI>
uplink access use jan5accesstest
uplink ls
uplink ls sj://<bucketname>
If inconvenient, do not worry about testing with Uplink. Letting me know about the object browser and providing me with your email should be sufficient to start with.
It solved it looking in that direction.
The creds in “~/.aws/credentials” were old and overrode the ones passed programmatically. For some reason that I could not figure out, this started happening just after I installed aws s3 cli following the Storj instructions. This created a “~/.aws/config” and the creds in different config files probably messed with each other.
Finally, it worked again when I removed all files with credentials in “~/.aws/”. Then it started using only the ones that I pass programmatically.
If you installed an AWS CLI it starting to behave like this… almost all s3-compatible tools starting to look into ~/.aws/credentials instead of what is provided programmatically.
There are only two options:
remove ~/.aws/credentials
use environment variables to override settings in ~/.aws/credentials
By the way, I’m not sure that p.2 is enough for everyone used tool…