Troubleshooting AWS-S3 Connectivity

Common Issues

The following are common issues encountered when connecting an AWS S3 bucket through a storage configuration.

| Error Type | Error Message | Description/Fix |
| --- | --- | --- |
| Access Forbidden | Access forbidden: {message} | Usually caused by missing permissions. Fix: review the IAM policy, bucket policy, and ACLs for the required permissions. |
| Unsupported principal | Unsupported principal: The policy type ${policy_type} does not support the Principal element. Remove the Principal element. | This can indicate that the S3 bucket policy settings have been added to the IAM policy by mistake. |
| Conflict | System topic is not in a valid state | |
| Conflict | Found conflicting storage container notifications with overlapping prefixes | |
| Conflict | Found conflicting storage container notifications for {prefix}{eventTypeMsg} | |
| Conflict | Found conflicting storage container notifications with overlapping prefixes{prefixMsg}{eventTypeMsg} | |
| Customer Container Notification Exists | Volume Configuration cannot be provisioned: storage container is already set up for customer's own notification | |
| Invalid Access Key ID | Failed to update bucket policy: The AWS Access Key Id you provided does not exist in our records. | Check the status of the AWS Access Key ID in the console. If not active, activate it. If missing, create it. |
| Invalid Parameter | Missing credentials for storage container | Check the storage credential. AccessKeyId and/or SecretAccessKey is not set. |
| Invalid Parameter | Missing bucket name for storage container | Bucket name has not been set for the storage configuration. |
| Invalid Parameter | The storage container name has invalid characters | Storage container name can only contain lowercase letters, numbers, hyphens, and periods. |
| Invalid Parameter | Storage Container '{storageContainer}' does not exist | Update the storage configuration container to a valid S3 bucket. |
| Invalid Parameter | Invalid parameters for volume configuration: {message} | |
| Invalid Storage Container Location | Storage container must be located in the {region} region | Update the storage configuration region to match the storage container region. |
| Invalid Storage Container Location | Storage container must be located in one of the following regions: {regions} | Update the storage configuration region to match the storage container region. |
| Missing Configuration | Missing queue name for storage container notification | |
| Missing Configuration | Missing system topic name for storage container notification | |
| Missing Configuration | Missing lambda ARN for storage container notification | |
| Missing Configuration | Missing subscription name for storage container notification | |
| Missing Storage Account Settings | The storage account '{storageAccountName}' needs HNS (Hierarchical Namespace) enabled. | |
| Missing Storage Container Settings | Missing settings for storage container | |

Specific Errors

Conflicting bucket notifications

This error occurs when an existing bucket notification's event information overlaps with the notifications ICA is trying to add. Amazon S3 event notifications only allow overlapping events when their prefixes do not overlap. Depending on the conflict, the error can be presented as any of the following:

  • Volume Configuration cannot be provisioned: storage container is already set up for customer's own notification.

  • Invalid parameters for volume configuration: found conflicting storage container notifications with overlapping prefixes.

  • Failed to update bucket policy: Configurations overlap. Configurations on the same bucket cannot share a common event type.

Solution:

  1. In the Amazon S3 Console, review your current S3 bucket's notification configuration and look for prefixes that overlap with your Storage Configuration's key prefix.

  2. Delete the existing notification that overlaps with your Storage Configuration's key prefix.

  3. ICA will perform a series of steps in the background to re-verify the connection to your bucket.
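
Step 1 above can be checked offline against a saved copy of the bucket's notification configuration. The following is an added example, not ICA or AWS code: it lists the existing notifications whose prefix and event types both overlap a given key prefix. The event types in ASSUMED_ICA_EVENTS, the function names, and the sample configuration are assumptions made for illustration.

```python
# Added example. Input has the shape returned by get-bucket-notification-configuration.
CONFIG_KEYS = ("TopicConfigurations", "QueueConfigurations",
               "LambdaFunctionConfigurations")
# Assumption: event types the storage configuration needs; the page names only
# the notifications gds:objectcreated, gds:objectremoved and gds:objectrestore.
ASSUMED_ICA_EVENTS = ["s3:ObjectCreated:*", "s3:ObjectRemoved:*", "s3:ObjectRestore:*"]

def prefix_of(cfg):
    """Prefix filter of one notification; '' means the whole bucket."""
    rules = cfg.get("Filter", {}).get("Key", {}).get("FilterRules", [])
    for rule in rules:
        if rule["Name"].lower() == "prefix":  # S3 may return 'Prefix'
            return rule["Value"]
    return ""

def prefixes_overlap(a, b):
    """Two key prefixes overlap when one starts with the other."""
    return a.startswith(b) or b.startswith(a)

def events_overlap(a, b):
    """A wildcard such as s3:ObjectCreated:* covers s3:ObjectCreated:Put."""
    if a == b:
        return True
    return (a.endswith("*") and b.startswith(a[:-1])) or \
           (b.endswith("*") and a.startswith(b[:-1]))

def find_conflicts(config, key_prefix, wanted=ASSUMED_ICA_EVENTS):
    """Return (id, prefix, shared events) for each overlapping notification.
    Suffix filters are ignored, so this errs on the side of reporting."""
    conflicts = []
    for key in CONFIG_KEYS:
        for cfg in config.get(key, []):
            existing = prefix_of(cfg)
            shared = sorted(e for e in cfg["Events"]
                            if any(events_overlap(e, w) for w in wanted))
            if shared and prefixes_overlap(existing, key_prefix):
                conflicts.append((cfg.get("Id", "<no id>"), existing, shared))
    return conflicts

# Constructed sample configuration (ARNs omitted), not taken from a real bucket.
SAMPLE = {
    "QueueConfigurations": [{"Id": "ingest-all", "Events": ["s3:ObjectCreated:Put"],
        "Filter": {"Key": {"FilterRules": [{"Name": "Prefix", "Value": "runs/"}]}}}],
    "TopicConfigurations": [{"Id": "audit-logs", "Events": ["s3:ObjectRemoved:*"],
        "Filter": {"Key": {"FilterRules": [{"Name": "prefix", "Value": "logs/"}]}}}],
    "LambdaFunctionConfigurations": [{"Id": "tag-sync", "Events": ["s3:ObjectTagging:*"]}],
}
if __name__ == "__main__":
    print(find_conflicts(SAMPLE, "runs/2024/"))
```

A notification with no prefix filter applies to the whole bucket, so it overlaps every key prefix and is reported whenever it shares an event type.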

GetTemporaryUploadCredentialsAsync failure

This error can occur when recreating a recently deleted storage configuration. To fix the issue, you have to delete the bucket notifications:

  1. In the Amazon S3 Console, select from the list the bucket whose notifications you need to delete.

  2. Choose Properties.

  3. Navigate to the Event Notifications section, select the check boxes for the event notifications named gds:objectcreated, gds:objectremoved and gds:objectrestore, and click Delete.

  4. For an immediate update, revalidate the current storage configuration at System Settings > Storage > Manage > Validate.

If you do not want to revalidate, you can wait 15 minutes for the storage to become available in ICA.
