When creating an Amazon S3 container, there is a GET request in the s3.inc to check for amazon permissions. The GET request does not include the bucket, and it fails to check bucket permissions, thus failing the container creation.

Patch attached

CommentFileSizeAuthor
bucket_name_to_GET.patch502 bytesmaciekrb
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

pmagunia’s picture

I got it to work without the patch. I don't know if other users are experiencing the same.

I did have 1.4 installed previously, but then ran update.php when I upgraded.

I was having trouble with the namespace- it can't contain caps or underscores.

maciekrb’s picture

Status: Active » Closed (works as designed)

This was just a stupid mistake on my end. Actually it is expected to not include the bucket name as the request is intended to list all existent buckets. My problem was a wrong policy. Here is the policy that makes the thing work without problems:

{
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:*",
      "Resource": [
        "arn:aws:s3:::mybucket/*"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:ListBucket",
        "s3:ListAllMyBuckets"  # <=== if you don't allow ListAllMyBuckets, the initial GET request will fail and thus you will get a permissions error.
      ],
      "Resource": "arn:aws:s3:::*"
    }
  ]
}