An attempt to configure S3 as a backup location in OpsCenter results in authentication failures.
An attempt to configure S3 as a backup location in the OpsCenter web UI returns the following error in a dialog box:
Location validation error: 'Unable to authenticate against AWS with the provided key and secret.'
An error message is also reported in the
2015-07-06 07:50:04+0000  ERROR: Problem while calling decorator (InvalidCredsError): 'Unable to authenticate against AWS with the provided key and secret.' File "/usr/share/opscenter/lib/py-redhat/2.6/shared/amd64/twisted/internet/defer.py", line 1018, in _inlineCallbacks result = result.throwExceptionIntoGenerator(g)
The issue is a result of the AWS Identity Access Management (IAM) user having insufficient privileges to access the S3 buckets, specifically the
ListAllMyBuckets action. OpsCenter uses the Apache jclouds toolkit to access AWS resources and jclouds iterates through the IAM user's buckets.
Make sure that the AWS IAM user has the base privileges as well as the following privilege for the
Below is a non-exhaustive list of actions to consider that an IAM user should have:
CreateBucket- if the bucket specified does not already exist
DeleteObject- for auto-cleanup via retention policy on scheduled backups
ListBucket- OpsCenter does a few things that check for bucket existence