S3 connection

piyushk
piyushk Dataiku DSS Core Designer, Dataiku DSS & SQL, Dataiku DSS Adv Designer, Registered Posts: 55 ✭✭✭✭✭

I am having two AWS instances (Say Instance 1 and 2) with OS as RHEL 7. Instance 1 is having IAM role A and Instance 2 is also having IAM role A.

When I make S3 connection from Instance 1 to list files in buckets, I am able to browse through files. The same process is not working on Instance 2 and I am getting error as 403 Forbidden.

Both the instances are using same IAM role to get temporary credentials. So, I suppose there is no access permission issue here, as Instance 1 is working fine and Instance 2 is not.

Moreover, on instance 2, it is not confined to one bucket, I am getting same error for all S3 connection on Instance 2.

On both the instances, DSS version 6.0.2 is installed.

What cab be the reason for above problem?

Answers

  • Clément_Stenac
    Clément_Stenac Dataiker, Dataiku DSS Core Designer, Registered Posts: 753 Dataiker

    Hi,

    Could you try with the aws CLI on instance 2 to see if you can reproduce the issue there ?

  • piyushk
    piyushk Dataiku DSS Core Designer, Dataiku DSS & SQL, Dataiku DSS Adv Designer, Registered Posts: 55 ✭✭✭✭✭

    I executed the command: aws s3 cp sample.txt s3://<bucket-name>/<prefix>/sample.txt --sse AES256 on both the instances and it was successful.

  • Clément_Stenac
    Clément_Stenac Dataiker, Dataiku DSS Core Designer, Registered Posts: 753 Dataiker

    It may be that your bucket mandates encryption. Have you enabled encryption in the settings of the S3 connection in DSS?

  • piyushk
    piyushk Dataiku DSS Core Designer, Dataiku DSS & SQL, Dataiku DSS Adv Designer, Registered Posts: 55 ✭✭✭✭✭

    Yes, i have enabled encryption in settings of S3 connection. On both the instances, connection settings is same.

  • Clément_Stenac
    Clément_Stenac Dataiker, Dataiku DSS Core Designer, Registered Posts: 753 Dataiker

    Hi,

    Then I'm sorry but I think we're out of ideas. We'd advise you to keep looking for environmental differences, including double-checking your instance profile, your ~/.aws/credentials, the settings of the S3 connection.

    You may also want to send the stack of the AWS error, which may give a hint about which particular operation fails.

    You may also want to reach out to AWS support with the request ID, as they may be able to provide you with further details of why it was rejected.

Setup Info
    Tags
      Help me…