AWS Installation Problems

Access Denied and Other Permissions Problems

First make sure these permissions are available:

s3:PutObject
s3:GetObject
s3:ListBucket
s3:ListAllMyBuckets
s3:HeadBucket

Example Policy JSON for debug

IF that is not working use this policy to test. You can add back in other blocks and bucket limits later.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "s3:*",
            "Resource": "*"
        }
    ]
}
13601360

AWS Permissions issues checklist

  1. Works in Console or Command Line Interface (CLI)?
  2. Copy and paste and credentials are correct?
    NOTE If AWS Installation Credentials were changed you must restart Diffgram Service to load them. Installation Only (Not Connections).
  3. Correctly configured in general, eg Users, Roles etc.
  4. DIFFGRAM_STATIC_STORAGE_PROVIDER = 'aws'

You may see this error surfaced or it may require looking at logs (eg Docker / Diffgram Walrus )

SignatureDoesNotMatch

Error Connecting to S3: Please check you have read permissions on the S3 bucket.
The request signature we calculated does not match the signature you provided. Check your key and signing method.

There are different regions that don't support the default signature from boto3.

https://stackoverflow.com/questions/57950613/boto3-generate-presigned-url-signaturedoesnotmatch-error

📘

Solution 1 - Set IS_DIFFGRAM_S3_V4_SIGNATURE

Set IS_DIFFGRAM_S3_V4_SIGNATURE=True
Or during install answer yes to 'Use AWS Signature Version 4?[Y/n]`

📘

Solution 2 - Change Region

Change your S3 region. Change to any region (most do) that support default boto3 signatures. List of supported regions.

Blob Access X-Amz-Expires must be less then a week

Set time less then 7 days

See #968