What is the problem you are having with rclone?
When trying to use Rclone to access an S3 access point, it isn't working.
./rclone ls afs1-ap:<redacted>-s3alias/
2023/10/18 14:13:38 Failed to ls: InvalidRequest: The authorization mechanism you have provided is not supported. Please use Signature Version 4.
status code: 400, request id: <redacted>, host id: <redacted>
The AWS CLI works correctly with the access point, from the same place.
aws s3 ls <redacted>-s3alias --region af-south-1
Run the command 'rclone version' and share the full output of the command.
./rclone version
rclone v1.63.1
- os/version: amazon 2 (64 bit)
- os/kernel: 4.14.322-246.539.amzn2.x86_64 (x86_64)
- os/type: linux
- os/arch: amd64
- go/version: go1.20.6
- go/linking: static
- go/tags: none
Which cloud storage system are you using? (eg Google Drive)
Amazon s3, but via an Access Point.
The s3 bucket and the access point are created in a different account to my account.
I am trying to access it from my account using the access point alias.
Note, I have also tried using the Access Point ARN but this seems to be invalid with rclone (maybe all the semi-colons etc messing it up). The Access Point Alias does not have special characters and since it works with the AWS CLI tool I thought I would log this issue with the same context - using the access point alias rather than the ARN.
Here is roughly what I get when trying the AP ARN:
./rclone -vvv ls afs1-ap:arn:aws:s3:af-south-1:123456123456:accesspoint/my-access-point
<output>
2023/10/18 14:22:50 Failed to ls: InvalidARNError: invalid ARN
caused by: invalid Amazon s3 ARN, resource-id not set, arn:aws:s3:af-south-1:123456123456:accesspoint
Note, I am not using the more recent "Cross Account Access Point" which is when the bucket and the access point are in different accounts. I am using the older "standard" access point described above, where bucket and access point are in the same account (another account) and have been shared with my account (specifically, my VPC in my account).
I have tried specifying the access point standard endpoint for my region, which is documented here:
The command you were trying to run (eg rclone copy /tmp remote:tmp
)
./rclone -vvvvv ls afs1-ap:<redacted>-s3alias/
Please run 'rclone config redacted' and share the full output. If you get command not found, please make sure to update rclone.
./rclone config redacted
Command config needs 0 arguments maximum: you provided 1 non flag arguments: ["redacted"]
./rclone config file
Configuration file is stored at:
/home/ec2-user/.config/rclone/rclone.conf
cat /home/ec2-user/.config/rclone/rclone.conf
[afs1-ap]
type = s3
provider = AWS
no_check_bucket = true
server_side_encryption=aws:kms
region = af-south-1
# location_constraint = af-south-1
endpoint = https://s3-accesspoint.af-south-1.amazonaws.com
A log from the command that you were trying to run with the -vv
flag
./rclone -vvvvv ls afs1-ap:<redacted>-s3alias/
2023/10/18 14:09:03 DEBUG : rclone: Version "v1.63.1" starting with parameters ["./rclone" "-vvvvv" "ls" "afs1-ap:<redacted>-s3alias/"]
2023/10/18 14:09:03 DEBUG : Creating backend with remote "afs1-ap:<redacted>-s3alias/"
2023/10/18 14:09:03 DEBUG : Using config file from "/home/ec2-user/.config/rclone/rclone.conf"
2023/10/18 14:09:03 DEBUG : name = "afs1-ap", root = "<redacted>-s3alias/", opt = &s3.Options{Provider:"AWS", EnvAuth:false, AccessKeyID:"", SecretAccessKey:"", Region:"af-south-1", Endpoint:"https://s3-accesspoint.af-south-1.amazonaws.com", STSEndpoint:"", LocationConstraint:"", ACL:"", BucketACL:"", RequesterPays:false, ServerSideEncryption:"aws:kms", SSEKMSKeyID:"", SSECustomerAlgorithm:"", SSECustomerKey:"", SSECustomerKeyBase64:"", SSECustomerKeyMD5:"", StorageClass:"", UploadCutoff:209715200, CopyCutoff:4999341932, ChunkSize:5242880, MaxUploadParts:10000, DisableChecksum:false, SharedCredentialsFile:"", Profile:"", SessionToken:"", UploadConcurrency:4, ForcePathStyle:true, V2Auth:false, UseAccelerateEndpoint:false, LeavePartsOnError:false, ListChunk:1000, ListVersion:0, ListURLEncode:fs.Tristate{Value:false, Valid:false}, NoCheckBucket:true, NoHead:false, NoHeadObject:false, Enc:0x3000002, MemoryPoolFlushTime:60000000000, MemoryPoolUseMmap:false, DisableHTTP2:false, DownloadURL:"", DirectoryMarkers:false, UseMultipartEtag:fs.Tristate{Value:false, Valid:false}, UsePresignedRequest:false, Versions:false, VersionAt:fs.Time{wall:0x0, ext:0, loc:(*time.Location)(nil)}, Decompress:false, MightGzip:fs.Tristate{Value:false, Valid:false}, UseAcceptEncodingGzip:fs.Tristate{Value:false, Valid:false}, NoSystemMetadata:false}
2023/10/18 14:09:03 DEBUG : Resolving service "s3" region "af-south-1"
2023/10/18 14:09:03 DEBUG : fs cache: renaming cache item "afs1-ap:<redacted>-s3alias/" to be canonical "afs1-ap:<redacted>-s3alias"
2023/10/18 14:09:03 DEBUG : 4 go routines active
2023/10/18 14:09:03 Failed to ls: InvalidRequest: The authorization mechanism you have provided is not supported. Please use Signature Version 4.
status code: 400, request id: <redacted>, host id: <redacted>
I saw the below topic was marked as resolved, but unfortunately specifying the endpoint didn't help me.