Support » Plugin: Media Cloud for Amazon S3, Imgix, Google Cloud Storage, DigitalOcean Spaces and more » Your AWS S3 settings are incorrect or the bucket does not exist

  • Resolved garikaib

    (@garikaib)


    I am testing the new S3 Compatible Buckets. Even though I have created a bucket, and keys I am still getting this error. I know the bucket exists and the keys are working because I have used s3cmd and was able to upload and download to the cloud.

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Author interfacelab

    (@interfacelab)

    Make sure your policy looks like this (at a minimum):

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": [
                    "s3:DeleteObjectTagging",
                    "s3:ListBucketMultipartUploads",
                    "s3:DeleteObjectVersion",
                    "s3:ListBucket",
                    "s3:DeleteObjectVersionTagging",
                    "s3:GetBucketAcl",
                    "s3:ListMultipartUploadParts",
                    "s3:PutObject",
                    "s3:GetObjectAcl",
                    "s3:GetObject",
                    "s3:AbortMultipartUpload",
                    "s3:DeleteObject",
                    "s3:GetBucketLocation",
                    "s3:PutObjectAcl"
                ],
                "Resource": [
                    "arn:aws:s3:::YOURBUCKET/*",
                    "arn:aws:s3:::YOURBUCKET"
                ]
            },
            {
                "Effect": "Allow",
                "Action": "s3:HeadBucket",
                "Resource": "*"
            }
        ]
    }

    Make sure you are specifying the correct region, or setting the region to “auto” in settings.

    If you have transfer acceleration enabled in the plugin, make sure it is enabled on the bucket.

    I’ve deployed this plugin on over 20 sites, so my guess is your IAM policy doesn’t include s3:HeadBucket or is missing some of the others.

    Can’t get this to work.

    AWS won’t let me put s3:HeadBucket anywhere – says “Policy has invalid action” if I try to add it to first list of actions. If I configure as above it says “Missing required field Principal”: if I then add that (to the 2nd “Effect” block) it says “The policy contains invalid Json”.

    This is the closest I can get which AWS will save without errors…

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Principal": {
                    "AWS": "arn:aws:iam::arn-goes-here:root"
                },
                "Action": [
                    "s3:DeleteObjectTagging",
                    "s3:ListBucketMultipartUploads",
                    "s3:DeleteObjectVersion",
                    "s3:ListBucket",
                    "s3:DeleteObjectVersionTagging",
                    "s3:GetBucketAcl",
                    "s3:ListMultipartUploadParts",
                    "s3:PutObject",
                    "s3:GetObjectAcl",
                    "s3:GetObject",
                    "s3:AbortMultipartUpload",
                    "s3:DeleteObject",
                    "s3:GetBucketLocation",
                    "s3:PutObjectAcl"
                ],
                "Resource": [
                    "arn:aws:s3:::bucket-name/*",
                    "arn:aws:s3:::bucket-name"
                ]
            }
        ]
    }
    Plugin Author interfacelab

    (@interfacelab)

    Remove the principal element all together, that’s for creating a different kind of policy for a different kind of user. From the AWS docs:

    Do not use the Principal element in policies that you attach to IAM users and groups. Similarly, you do not specify a principal in the permission policy for an IAM role. In those cases, the principal is implicitly the user that the policy is attached to (for IAM users) or the user who assumes the role (for role access policies). When the policy is attached to an IAM group, the principal is the IAM user in that group who is making the request.

    I literally just tested this with the policy I provide:

    – Go to IAM section of AWS (https://console.aws.amazon.com/iam/home?region=us-east-1#/home)
    – Click on Policy
    – Click on Create Policy
    – Click on JSON tab
    – Paste my policy template in
    – Change YOURBUCKET text to the name of the bucket
    – Click Review Policy
    – Give it a name
    – Click on Create Policy

    For adding an IAM user:

    – Go to IAM section of AWS (https://console.aws.amazon.com/iam/home?region=us-east-1#/home)
    – Click on Users
    – Click on Add user
    – Set the User name
    – Set the AWS Access type to *Programmatic access* ONLY
    – Click Next: Permissions
    – Select “Attach existing policies directly”
    – Click on Create Policy
    – In the popup window do the steps from the list above
    – Once the policy is created, as per the steps above, click on the refresh button
    – Find the policy I just created and click it’s checkbox
    – Click Next: Review
    – Click Create user

    Hello, I would like to use your plugin but I get the following error:

    1.- In the policy IAM:
    “This policy contains the following error: Has prohibited field Principal For more information about the IAM policy grammar, see AWS IAM Policies”
    I understand that the solution is “Remove the principal element all together” but I do not know what it means or how to fix it.

    I installed to try the Offload Media plugin and it works well and imports the images to the bucket without problems.

    2.- In the back office:
    I get the following error message.
    “Site is unreachable or an error occurred. Batch processing will not function. If you are using basic authentication, you may need to disable it. Error message was: HTTP response code was 503”

    3.- In the Media Cloud Troubleshooter:
    I have error in the last option only that can not work with background.
    At first I gave php error but I’ve fixed it.

    In the bucket I have the next policy:
    {
    “Version”: “2008-10-17”,
    “Statement”: [
    {
    “Sid”: “AllowPublicRead”,
    “Effect”: “Allow”,
    “Principal”: {
    “AWS”: “*”
    },
    “Action”: “s3:GetObject”,
    “Resource”: “arn:aws:s3:::name-of-my-bucket-/*”
    }
    ]
    }

    Sorry if I mix several concepts but I’m a bit lost with the configuration.
    Many thanks.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Your AWS S3 settings are incorrect or the bucket does not exist’ is closed to new replies.