Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Can't mount using AWS Cli Profile with role_arn and source_profile #2385

Open
gitgpi opened this issue Nov 29, 2023 · 1 comment
Open

Can't mount using AWS Cli Profile with role_arn and source_profile #2385

gitgpi opened this issue Nov 29, 2023 · 1 comment
Labels
need info Waiting for reporter feedback

Comments

@gitgpi
Copy link

gitgpi commented Nov 29, 2023

Additional Information

Version of s3fs being used (1.93)

Version of fuse being used (2.9.9)

Kernel information (6.1.49-70.116.amzn2023.aarch64)

GNU/Linux Distribution, if applicable

NAME="Amazon Linux"
VERSION="2023"
ID="amzn"
ID_LIKE="fedora"
VERSION_ID="2023"
PLATFORM_ID="platform:al2023"
PRETTY_NAME="Amazon Linux 2023"
ANSI_COLOR="0;33"
CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2023"

How to run s3fs, if applicable

[] command line
[] /etc/fstab

s3fs my_bucket -o sigv2 -o use_rrs -o allow_other -o uid=1001 -o mp_umask=002 -o multireq_max=5 -o profile=my_profile /home/my_bucket -f

s3fs syslog messages (grep s3fs /var/log/syslog, journalctl | grep s3fs, or s3fs outputs)

Failed to check bucket and directory for mount point : Invalid Credentials(host=https://s3.amazonaws.com)

Details about issue

I have a bucket that in order to access it I need to configure my ~/.aws/config with the parameter role_arn and source_profile, it works fine when usin aws cli command and also boto3, but it doesn't work using s3fs.
@ggtakec
Copy link
Member

ggtakec commented Feb 12, 2024

@gitgpi
Looking at the command line, I think there is no problem.
For your reference, if you authenticate to s3fs using the default profile in the ${HOME}/.aws/credential file used by the aws cli, you can leave the profile option unspecified.
If you want to use something other than default in this file, please specify profile.(In your case, it seems you are specifying profile=my_profile)

Try specifying the dbglevel and curldbg options to collect detailed logs.
I think that log will help you solve this problem.

For reference, the s3fs authentication process is the following function.
https://github.com/s3fs-fuse/s3fs-fuse/blob/master/src/s3fs_cred.cpp#L955-L970

Inspect the authentication token, etc. in the following order.

// 1 - from the command line (security risk)
// 2 - from a password file specified on the command line
// 3 - from environment variables
// 3a - from the AWS_CREDENTIAL_FILE environment variable
// 3b - from ${HOME}/.aws/credentials
// 4 - from the users ~/.passwd-s3fs
// 5 - from /etc/passwd-s3fs

@ggtakec ggtakec added the need info Waiting for reporter feedback label Feb 12, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
need info Waiting for reporter feedback
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ggtakec @gitgpi