S3: Failed to configure the storage: AccessDenied: Access Denied

zeek · 21 April 2020 01:05

I’m using duplicacy_web_linux_x64_1.3.0 on CentOS 7.6. I’ve successfully configured several storages with this same account. Can someone please help me understand why this is suddenly occurring. Some of the details below have been obfuscated.

2020/04/20 17:56:27 192.168.1.10:61664 GET /assets/fonts/fontawesome-webfont.woff2?v=4.7.0
2020/04/20 17:57:35 192.168.1.10:61664 POST /info_storage
2020/04/20 17:57:35 Running /home/zeek/.duplicacy-web/bin/duplicacy_linux_x64_2.5.1 [-log -d info -repository /home/zeek/.duplicacy-web/repositories/localhost/all s3://us-west-1@s3.amazonaws.com/duplicacy023]
2020/04/20 17:57:35 Set current working directory to /home/zeek/.duplicacy-web/repositories/localhost/all
2020/04/20 17:57:35 DEBUG PASSWORD_ENV_VAR Reading the environment variable DUPLICACY_S3_ID
2020/04/20 17:57:35 DEBUG PASSWORD_ENV_VAR Reading the environment variable DUPLICACY_S3_SECRET
2020/04/20 17:57:36 INFO STORAGE_NOT_INITIALIZED The storage has not been initialized
2020/04/20 17:57:36 WARN STORAGE_LIST Failed to list repository ids: AccessDenied: Access Denied
2020/04/20 17:57:36 CLI:        status code: 403, request id: xyzxyz, host id: fffggg
2020/04/20 17:57:39 192.168.1.10:61664 POST /lookup_storage
2020/04/20 17:57:40 192.168.1.10:61664 POST /lookup_storage
2020/04/20 17:57:40 192.168.1.10:61664 POST /lookup_storage
2020/04/20 17:57:42 192.168.1.10:61664 POST /lookup_storage
2020/04/20 17:57:42 192.168.1.10:61664 POST /lookup_storage
2020/04/20 17:57:43 192.168.1.10:61664 POST /lookup_storage
2020/04/20 17:57:44 192.168.1.10:61664 POST /lookup_storage
2020/04/20 17:57:44 192.168.1.10:61664 POST /lookup_storage
2020/04/20 17:57:45 192.168.1.10:61664 POST /add_storage
2020/04/20 17:57:45 Failed to deleting the existing preference file: remove /home/zeek/.duplicacy-web/repositories/localhost/all/.duplicacy/preferences: no such file or directory
2020/04/20 17:57:45 Running /home/zeek/.duplicacy-web/bin/duplicacy_linux_x64_2.5.1 [-log -d init -storage-name ttt duplicacyweb s3://us-west-1@s3.amazonaws.com/duplicacy023]
2020/04/20 17:57:45 Set current working directory to /home/zeek/.duplicacy-web/repositories/localhost/all
2020/04/20 17:57:45 DEBUG PASSWORD_ENV_VAR Reading the environment variable DUPLICACY_TTT_S3_ID
2020/04/20 17:57:45 DEBUG PASSWORD_ENV_VAR Reading the environment variable DUPLICACY_TTT_S3_SECRET
2020/04/20 17:57:45 DEBUG PASSWORD_ENV_VAR Reading the environment variable DUPLICACY_TTT_S3_ID
2020/04/20 17:57:45 DEBUG PASSWORD_ENV_VAR Reading the environment variable DUPLICACY_TTT_S3_SECRET
2020/04/20 17:57:46 ERROR CONFIG_INIT Failed to configure the storage: AccessDenied: Access Denied
2020/04/20 17:57:46 ERROR CONFIG_INIT Failed to configure the storage: AccessDenied: Access Denied
2020/04/20 17:57:46 CLI:        status code: 403, request id: xyzxyz, host id: fffggg
2020/04/20 17:57:46 Failed to initialize the storage at s3://us-west-1@s3.amazonaws.com/duplicacy023: Failed to configure the storage: AccessDenied: Access Denied

gchen · 21 April 2020 03:26

You may not have the permission to access that bucket. This page may be helpful: Troubleshoot 403 Access Denied Errors from Amazon S3

zeek · 21 April 2020 03:49

The bucket was just created. Default settings:

# aws s3api list-objects --bucket duplicacy023 --prefix exampleprefix
None	None

This is the same response returned from other successful buckets in my duplicati config.

gchen · 21 April 2020 20:35

Can you run aws s3api put-object to upload a sample file to test if you have the write permission to that bucket?

zeek · 22 April 2020 02:13

I created a new bucket.

# aws s3api put-object --bucket whatever069 --key DSCN2594b.JPG
"d41d8cd98f00b204e9800998ecf8427e"

But then that object appears as 0 bytes! I tried with the same file twice, foobar.jpg is a copy…

And when I try to configure this bucket as storage in duplicacy I get this:

Failed to initialize the storage at s3://us-west-1@s3.amazonaws.com/whatever069: Failed to configure the storage: AccessDenied: Access Denied

gchen · 22 April 2020 02:28

Maybe the endpoint for us-west-1 should be s3.us-west-1.amazonaws.com instead of s3.amazonaws.com?

zeek · 22 April 2020 02:37

ok that seemed to work. I’m unsure how to reference previous ‘endpoints’ which did or didn’t work. Can you please update docs / usage so this is more clear.

leerspace · 22 April 2020 02:38

The objects were likely 0 bytes because a --body parameter wasn’t specified. See put-object — AWS CLI 1.18.43 Command Reference

According to Amazon’s documentation you’re right. s3.amazonaws.com is only for the us-east-1 region.

zeek · 22 April 2020 02:48

wowsers. I recall reading that somewhere but please if the ui/usage could be clarified for ‘endpoints’ that would prevent alot of bruising.

leerspace · 22 April 2020 03:14

Given a bucket name, it looks like there are a couple of things the GUI might theoretically be a be able to streamline for region and endpoint selection.

Getting a region for a bucket: s3 - goDoc - Get_Bucket_Region

Getting an endpoint given a region: Using the AWS SDK for Go’s Regions and Endpoints Metadata | AWS Developer Blog

I’m not sure how easy it would be to incorporate this into the web UI, though.