I'm using rclone 1.50.2 on CentOS 7 on an Amazon EC2 system.
I recently set this system up to use an instance service account so I didn't have to store my access keys.
Now, doing an "aws s3 ls s3://bucketname" works fine, as does doing a "cp" of a file there or an "rm" of the file.
Rclone doesn't seem to be falling through to the account though. I get a 302 permission denied for anything I try to sync there. From the documentation, the policy I set was:
(chunk of Terraform)
data "aws_iam_policy_document" "mirror-s3-policy" {
  statement {
    actions = [
      "s3:DeleteObject",
      "s3:ListBucket",
      "s3:GetObject",
      "s3:PutObject",
      "s3:PutObjectACL",
      "s3:ReplicateObject",
      "s3:RestoreObject"
    ]
    resources = [
      "${aws_s3_bucket.bucket1.arn}/*",
      "${aws_s3_bucket.bucket1.arn}"
    ]
  }
}
Top of the log file (902 additional errors excluded):
2019/12/19 19:50:08 DEBUG : rclone: Version "v1.50.2" starting with parameters ["rclone" "--log-file=/tmp/log" "-P" "-vvvv" "--s3-use-accelerate-endpoint" "--s3-region=us-east-2" "--exclude=/8" "--exclude=/8*/**" "--exclude=/7" "--exclude=/7*/**" "-L" "--transfers=15" "--checkers=10" "--max-backlog=200000" "sync" "/mirror/centos" "s3:bucket1/centos/"]
2019/12/19 19:50:08 DEBUG : Using config file from "/root/.config/rclone/rclone.conf"
2019/12/19 19:50:09 DEBUG : 7: Excluded
2019/12/19 19:50:09 DEBUG : 7.6.1810: Excluded
2019/12/19 19:50:09 DEBUG : 7.7.1908: Excluded
2019/12/19 19:50:09 DEBUG : 8: Excluded
2019/12/19 19:50:09 DEBUG : 8-stream: Excluded
2019/12/19 19:50:09 DEBUG : 8.0.1905: Excluded
2019/12/19 19:50:09 INFO : S3 bucket bucket1 path centos: Waiting for checks to finish
2019/12/19 19:50:09 INFO : S3 bucket bucket1 path centos: Waiting for transfers to finish
2019/12/19 19:50:09 ERROR : RPM-GPG-KEY-CentOS-5: Failed to copy: s3 upload: 403 Forbidden: <?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>884DFD81EAF03B65</RequestId><HostId>gtF9KeWPig8HT5uguQ8D9ObiuJuY6vmGHk4BiXUw+oLVErwv453iyS1c3avYN03BN1skucwaGH8=</HostId></Error>
2019/12/19 19:50:09 ERROR : dir_sizes: Failed to copy: s3 upload: 403 Forbidden: <?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>A496D7EB3FF59CC5</RequestId><HostId>cVvKyqS3jFzyMY3fR3m9Uiuu4JNF3CJlglky4uq7HSIZkyO1ezTf9UmwX95qyEsC7kvo5zAr2ts=</HostId></Error>
The config file is:
[s3]
type = s3
provider = AWS
env_auth = false
region = eu-west-1
acl = public-read
storage_class = STANDARD
Again, the aws cli tool does file operations perfectly fine.
Is there a permission I'm missing? Are the docs out of date?