Inconsistent behavior of S3 backups

1 post / 0 new
#1 Sat, 03/09/2019 - 06:49
prezzz

Inconsistent behavior of S3 backups

Hello everyone,

I have a problem using the AWS S3 backups in my Virtualmin install.

Here's what I have set up on AWS side:

  • user set up in AWS IAM
  • wide policy attached to the user (AmazonS3FullAccess),
  • credentials generated (access key and secret key)

Here's what I have set up on Virtualmin side:

  • installed awscli from package manager,
  • set up the AWS user in Cloud Storage Providers

I've tested the aws command from shell and it worked fine using some basic functions like: aws s3 cp FILENAME s3://BUCKETNAME

I've tested creating a new bucket directlyin Virtualmin and it worked fine (which confirms that the credentials are fine).

But the uploads from Virtualmin won't get through. With Frankfurt-based bucket there's authentication problem which I'm aware of:

.. upload failed! upload failed: ../../../../tmp/.webmin/8671-/DOMAINNAME.tar.gz to s3://BUCKETNAME/DOMAINNAME.tar.gz A client error (InvalidRequest) occurred when calling the PutObject operation: The authorization mechanism you have provided is not supported. Please use AWS4-HMAC-SHA256.

so I've been also testing Ireland and North California based buckets with no success. For smaller uploads the following error is returned:

.. upload failed! upload failed: ../../../../tmp/.webmin/4299-/DOMAINNAME.tar.gz to s3://BUCKETNAME/DOMAINNAME.tar.gz A client error (AccessDenied) occurred when calling the PutObject operation: Access Denied

And for larger files I get the following error:

.. upload failed! upload failed: ../../../../tmp/.webmin/4299-/DOMAINNAME.tar.gz to s3://BUCKETNAME/DOMAINNAME.tar.gz A client error (AccessDenied) occurred when calling the CreateMultipartUpload operation: Anonymous users cannot initiate multipart uploads. Please authenticate.

That is for North California based bucket. Using the very same credentials as those that resulted in successfully created new bucket.

Any idea what could be causing this?