[GH-ISSUE #742] "No AWSAccessKey was presented" Using iam_role #426

Closed
opened 2026-03-04 01:45:27 +03:00 by kerem · 8 comments
Owner

Originally created by @trejas on GitHub (Apr 2, 2018).
Original GitHub issue: https://github.com/s3fs-fuse/s3fs-fuse/issues/742

< HTTP/1.1 403 Forbidden
< x-amz-bucket-region: us-east-2
< x-amz-request-id: 17A9FBA30B0EC2C3
< x-amz-id-2: UUoQ4rWX2WGMbw4lA1S6TNlUUrQSxCM1PxFtms5LSefBBoInBoBgYhnDeDfdEfEqGHHBT0q9T30=
< Content-Type: application/xml
< Transfer-Encoding: chunked
< Date: Mon, 02 Apr 2018 19:08:23 GMT
< Server: AmazonS3
< 
* Connection #2 to host s3testnospacesinnowatts.s3.us-east-2.amazonaws.com left intact
[INF]       curl.cpp:RequestPerform(2066): HTTP response code 403 was returned, returning EPERM
[ERR] curl.cpp:CheckBucket(3094): Check bucket failed, S3 response: <?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>No AWSAccessKey was presented.</Message><RequestId>17A9FBA30B0EC2C3</RequestId><HostId>UUoQ4rWX2WGMbw4lA1S6TNlUUrQSxCM1PxFtms5LSefBBoInBoBgYhnDeDfdEfEqGHHBT0q9T30=</HostId></Error>
[CRT] s3fs.cpp:s3fs_check_service(3807): invalid credentials(host=https://s3.amazonaws.com) - result of checking service.
[ERR] s3fs.cpp:s3fs_exit_fuseloop(3365): Exiting FUSE event loop due to errors

[INF] s3fs.cpp:s3fs_destroy(3438): destroy
[WAN] s3fs.cpp:s3fs_destroy(3442): Could not release curl library.

Additional Information

The following information is very important in order to help us to help you. Omission of the following details may delay your support request or receive no attention at all.

Version of s3fs being used (s3fs --version)

Amazon Simple Storage Service File System V1.83

Version of fuse being used (pkg-config --modversion fuse)

2.9.4

System information (uname -r)

4.9.81-35.56.amzn1.x86_64

Distro (cat /etc/issue)

Amazon Linux AMI release 2017.09

s3fs command line used (if applicable)

s3fs <bucket_name> /mnt/test_mount -o allow_other -f -o dbglevel=info -o curldbg -o iam_role="auto"

Details about issue

Will not allow me to mount the s3 bucket. The IAM role I am referencing has full access to s3. Not sure why the command is telling me that there are no credentials being presented.

Originally created by @trejas on GitHub (Apr 2, 2018). Original GitHub issue: https://github.com/s3fs-fuse/s3fs-fuse/issues/742 ``` < HTTP/1.1 403 Forbidden < x-amz-bucket-region: us-east-2 < x-amz-request-id: 17A9FBA30B0EC2C3 < x-amz-id-2: UUoQ4rWX2WGMbw4lA1S6TNlUUrQSxCM1PxFtms5LSefBBoInBoBgYhnDeDfdEfEqGHHBT0q9T30= < Content-Type: application/xml < Transfer-Encoding: chunked < Date: Mon, 02 Apr 2018 19:08:23 GMT < Server: AmazonS3 < * Connection #2 to host s3testnospacesinnowatts.s3.us-east-2.amazonaws.com left intact [INF] curl.cpp:RequestPerform(2066): HTTP response code 403 was returned, returning EPERM [ERR] curl.cpp:CheckBucket(3094): Check bucket failed, S3 response: <?xml version="1.0" encoding="UTF-8"?> <Error><Code>AccessDenied</Code><Message>No AWSAccessKey was presented.</Message><RequestId>17A9FBA30B0EC2C3</RequestId><HostId>UUoQ4rWX2WGMbw4lA1S6TNlUUrQSxCM1PxFtms5LSefBBoInBoBgYhnDeDfdEfEqGHHBT0q9T30=</HostId></Error> [CRT] s3fs.cpp:s3fs_check_service(3807): invalid credentials(host=https://s3.amazonaws.com) - result of checking service. [ERR] s3fs.cpp:s3fs_exit_fuseloop(3365): Exiting FUSE event loop due to errors [INF] s3fs.cpp:s3fs_destroy(3438): destroy [WAN] s3fs.cpp:s3fs_destroy(3442): Could not release curl library. ``` ### Additional Information _The following information is very important in order to help us to help you. Omission of the following details may delay your support request or receive no attention at all._ #### Version of s3fs being used (s3fs --version) Amazon Simple Storage Service File System V1.83 #### Version of fuse being used (pkg-config --modversion fuse) 2.9.4 #### System information (uname -r) 4.9.81-35.56.amzn1.x86_64 #### Distro (cat /etc/issue) Amazon Linux AMI release 2017.09 #### s3fs command line used (if applicable) ``` s3fs <bucket_name> /mnt/test_mount -o allow_other -f -o dbglevel=info -o curldbg -o iam_role="auto" ``` ### Details about issue Will not allow me to mount the s3 bucket. The IAM role I am referencing has full access to s3. Not sure why the command is telling me that there are no credentials being presented.
kerem closed this issue 2026-03-04 01:45:27 +03:00
Author
Owner

@ramirantala commented on GitHub (Apr 15, 2018):

I have the same issue with exactly same versions.

I also verified with aws s3 cli that I can access the bucket.

<!-- gh-comment-id:381421411 --> @ramirantala commented on GitHub (Apr 15, 2018): I have the same issue with exactly same versions. I also verified with aws s3 cli that I can access the bucket.
Author
Owner

@ramirantala commented on GitHub (Apr 15, 2018):

Actually it works if I specify the url to s3

-o url="https://s3-eu-west-1.amazonaws.com"

<!-- gh-comment-id:381422814 --> @ramirantala commented on GitHub (Apr 15, 2018): Actually it works if I specify the url to s3 -o url="https://s3-eu-west-1.amazonaws.com"
Author
Owner

@trejas commented on GitHub (Apr 16, 2018):

You beat me to it. Was going to post the same suggestion.

<!-- gh-comment-id:381467846 --> @trejas commented on GitHub (Apr 16, 2018): You beat me to it. Was going to post the same suggestion.
Author
Owner

@gaul commented on GitHub (Feb 3, 2020):

It appears this issue has a workaround. Please reopen if my understanding is incorrect.

<!-- gh-comment-id:581293883 --> @gaul commented on GitHub (Feb 3, 2020): It appears this issue has a workaround. Please reopen if my understanding is incorrect.
Author
Owner

@Makeshift commented on GitHub (Nov 26, 2020):

For reference, this still seems to be an issue with v1.87 (on EPEL).

Two buckets succeed in mounting:

iea-shared-bckt-gnplng-stcv4-tst
iea-shared-bckt-gnplng-stcv4-prd

Two do not:

iea-dev-gnplng-dt-dv-r-st-dv-cm-files-store
iea-dev-gnplng-dt-dv-r-st-dv-cm-temp-secrets

The instance role has the AWS-provided AmazonS3FullAccess policy attached.

The listed workaround works, but it's still an odd one.

<!-- gh-comment-id:734321018 --> @Makeshift commented on GitHub (Nov 26, 2020): For reference, this still seems to be an issue with v1.87 (on EPEL). Two buckets succeed in mounting: ``` iea-shared-bckt-gnplng-stcv4-tst iea-shared-bckt-gnplng-stcv4-prd ``` Two do not: ``` iea-dev-gnplng-dt-dv-r-st-dv-cm-files-store iea-dev-gnplng-dt-dv-r-st-dv-cm-temp-secrets ``` The instance role has the AWS-provided `AmazonS3FullAccess` policy attached. The listed workaround works, but it's still an odd one.
Author
Owner

@joaoportela commented on GitHub (Feb 2, 2021):

Same happened to me too. Specifying the URL to s3 also solved the issue for me.

<!-- gh-comment-id:771604558 --> @joaoportela commented on GitHub (Feb 2, 2021): Same happened to me too. Specifying the URL to s3 also solved the issue for me.
Author
Owner

@superuser5 commented on GitHub (Feb 11, 2021):

same here, added -o url="https://s3-$EC2_REGION.amazonaws.com" to avoid the error message

whole line: s3fs -o iam_role='auto' -o use_cache=/tmp/s3fs share /opt/share/ -o _netdev -o allow_other -o iam_role=auto -o parallel_count=15 -o dbglevel=info -o multipart_size=128 -o curldbg -o url="https://s3-$EC2_REGION.amazonaws.com"

<!-- gh-comment-id:777349297 --> @superuser5 commented on GitHub (Feb 11, 2021): same here, added -o url="https://s3-$EC2_REGION.amazonaws.com" to avoid the error message whole line: s3fs -o iam_role='auto' -o use_cache=/tmp/s3fs share /opt/share/ -o _netdev -o allow_other -o iam_role=auto -o parallel_count=15 -o dbglevel=info -o multipart_size=128 -o curldbg -o url="https://s3-$EC2_REGION.amazonaws.com"
Author
Owner

@leezu commented on GitHub (Sep 9, 2021):

Another option is to change the endpoint in the aws config file: aws configure set default.s3.use_dualstack_endpoint true

<!-- gh-comment-id:915654305 --> @leezu commented on GitHub (Sep 9, 2021): Another option is to change the endpoint in the aws config file: `aws configure set default.s3.use_dualstack_endpoint true`
Sign in to join this conversation.
No milestone
No project
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/s3fs-fuse#426
No description provided.