[GH-ISSUE #2385] Can't mount using AWS Cli Profile with role_arn and source_profile #1168

New issue

Open

opened 2026-03-04 01:51:53 +03:00 by kerem · 1 comment

kerem commented

2026-03-04 01:51:53 +03:00

Owner

Originally created by @gitgpi on GitHub (Nov 29, 2023).
Original GitHub issue: https://github.com/s3fs-fuse/s3fs-fuse/issues/2385

Additional Information

Version of s3fs being used (1.93)

Version of fuse being used (2.9.9)

Kernel information (6.1.49-70.116.amzn2023.aarch64)

GNU/Linux Distribution, if applicable

NAME="Amazon Linux"
VERSION="2023"
ID="amzn"
ID_LIKE="fedora"
VERSION_ID="2023"
PLATFORM_ID="platform:al2023"
PRETTY_NAME="Amazon Linux 2023"
ANSI_COLOR="0;33"
CPE_NAME="cpe:2.3⭕amazon:amazon_linux:2023"

How to run s3fs, if applicable

[] command line
[] /etc/fstab

s3fs my_bucket -o sigv2 -o use_rrs -o allow_other -o uid=1001 -o mp_umask=002 -o multireq_max=5 -o profile=my_profile /home/my_bucket -f

s3fs syslog messages (`grep s3fs /var/log/syslog`, `journalctl | grep s3fs`, or `s3fs outputs`)

Failed to check bucket and directory for mount point : Invalid Credentials(host=https://s3.amazonaws.com)

Details about issue

I have a bucket that in order to access it I need to configure my ~/.aws/config with the parameter role_arn and source_profile, it works fine when usin aws cli command and also boto3, but it doesn't work using s3fs.

Originally created by @gitgpi on GitHub (Nov 29, 2023). Original GitHub issue: https://github.com/s3fs-fuse/s3fs-fuse/issues/2385  ### Additional Information #### Version of s3fs being used (1.93)  #### Version of fuse being used (2.9.9)  #### Kernel information (6.1.49-70.116.amzn2023.aarch64)  #### GNU/Linux Distribution, if applicable NAME="Amazon Linux" VERSION="2023" ID="amzn" ID_LIKE="fedora" VERSION_ID="2023" PLATFORM_ID="platform:al2023" PRETTY_NAME="Amazon Linux 2023" ANSI_COLOR="0;33" CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2023"  #### How to run s3fs, if applicable  [] command line [] /etc/fstab  ``` s3fs my_bucket -o sigv2 -o use_rrs -o allow_other -o uid=1001 -o mp_umask=002 -o multireq_max=5 -o profile=my_profile /home/my_bucket -f ``` #### s3fs syslog messages (`grep s3fs /var/log/syslog`, `journalctl | grep s3fs`, or `s3fs outputs`)  ``` Failed to check bucket and directory for mount point : Invalid Credentials(host=https://s3.amazonaws.com) ``` ### Details about issue  I have a bucket that in order to access it I need to configure my ~/.aws/config with the parameter role_arn and source_profile, it works fine when usin aws cli command and also boto3, but it doesn't work using s3fs.

kerem added the

need info

label

2026-03-04 01:51:53 +03:00

kerem commented

2026-03-04 01:51:54 +03:00

Author

Owner

@ggtakec commented on GitHub (Feb 12, 2024):

@gitgpi
Looking at the command line, I think there is no problem.
For your reference, if you authenticate to s3fs using the default profile in the ${HOME}/.aws/credential file used by the aws cli, you can leave the profile option unspecified.
If you want to use something other than default in this file, please specify profile.(In your case, it seems you are specifying profile=my_profile)

Try specifying the dbglevel and curldbg options to collect detailed logs.
I think that log will help you solve this problem.

For reference, the s3fs authentication process is the following function.
https://github.com/s3fs-fuse/s3fs-fuse/blob/master/src/s3fs_cred.cpp#L955-L970

Inspect the authentication token, etc. in the following order.

// 1 - from the command line (security risk)
// 2 - from a password file specified on the command line
// 3 - from environment variables
// 3a - from the AWS_CREDENTIAL_FILE environment variable
// 3b - from ${HOME}/.aws/credentials
// 4 - from the users ~/.passwd-s3fs
// 5 - from /etc/passwd-s3fs

@ggtakec commented on GitHub (Feb 12, 2024): @gitgpi Looking at the command line, I think there is no problem. For your reference, if you authenticate to s3fs using the `default` profile in the ${HOME}/.aws/credential file used by the aws cli, you can leave the `profile` option unspecified. If you want to use something other than `default` in this file, please specify `profile`.(In your case, it seems you are specifying `profile=my_profile`) Try specifying the `dbglevel` and `curldbg` options to collect detailed logs. I think that log will help you solve this problem. For reference, the s3fs authentication process is the following function. https://github.com/s3fs-fuse/s3fs-fuse/blob/master/src/s3fs_cred.cpp#L955-L970 Inspect the authentication token, etc. in the following order. ``` // 1 - from the command line (security risk) // 2 - from a password file specified on the command line // 3 - from environment variables // 3a - from the AWS_CREDENTIAL_FILE environment variable // 3b - from ${HOME}/.aws/credentials // 4 - from the users ~/.passwd-s3fs // 5 - from /etc/passwd-s3fs ```

kerem referenced this issue

2026-03-04 02:02:30 +03:00

[PR #1168] [CLOSED] In memory cache for softlinks #1859

kerem referenced this issue

2026-03-04 02:02:34 +03:00

[PR #1209] [MERGED] In memory cache for softlinks with cache out - #1168 #1873