DataStax Help Center

Configuring OpsCenter 5.1 backup to AWS S3 fails with "Unable to authenticate against AWS with the provided key and secret"

Summary

An attempt to configure S3 as a backup location in OpsCenter results in authentication failures.

Symptoms

An attempt to configure S3 as a backup location in the OpsCenter web UI returns the following error in a dialog box:

Location validation error: 'Unable to authenticate against AWS with the provided key and secret.'

An error message is also reported in the opscenterd.log :

2015-07-06 07:50:04+0000 [] ERROR: Problem while calling decorator (InvalidCredsError): 'Unable to authenticate against AWS with the provided key and secret.' 
File "/usr/share/opscenter/lib/py-redhat/2.6/shared/amd64/twisted/internet/defer.py", line 1018, in _inlineCallbacks 
result = result.throwExceptionIntoGenerator(g)

Cause

The issue is a result of the AWS Identity Access Management (IAM) user having insufficient privileges to access the S3 buckets, specifically the ListAllMyBuckets action. OpsCenter uses the Apache jclouds toolkit to access AWS resources and jclouds iterates through the IAM user's buckets.

Solution

Make sure that the AWS IAM user has the base privileges as well as the following privilege for the ListAllMyBuckets action:

"Action": "s3:ListAllMyBuckets"

Below is a non-exhaustive list of actions to consider that an IAM user should have:

  • CreateBucket - if the bucket specified does not already exist
  • DeleteObject - for auto-cleanup via retention policy on scheduled backups
  • GetBucketLocation
  • GetObject
  • ListBucket - OpsCenter does a few things that check for bucket existence
  • ListMultipartUploadParts
  • PutObject

See also

OpsCenter 5.1.0 snapshots to AWS S3 failing

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments

Powered by Zendesk