When i open /admin/backups.json i only get a generic Access Denied error
What i don’t understand is, that using the follow commands in my EC2 Instance is working properly:
aws s3 ls s3://my-bucket-name
and when going into the discourse container with ./launcher enter app i can run this also successfully after installing s3cmd:
s3cmd ls s3://my-bucket-name
I can also upload stuff into my bucket using this commands therefore the IAM policy should be fine and I cannot understand why Discourse cannot access the bucket. I also tried to add “AdministratorAccess” to the IAM role to rule out any too tight permission problems.
Configuration in Discourse:
backup location: S3
s3 backup bucket: my-bucket-name
s3 use iam profile: true
s3 region: the correct one. tripple checked.
The remaining s3 options are left untouched → Therefore mostly empty/disabled.
I’m not sure this would have anything to do with your S3 settings, it sounds like an internal Discourse permissions message. Are you able to load /admin/backups as a page (rather than appending .json to the end)?
This was an awesome hint. I could trace down the permission error and could see that Discourse was using a different user. Now to the big why and why nobody had this error before.
We have a custom plugin for sending Push Notifications through AWS SNS which was setting credentials through Aws.config.update globally and therefore S3 Backup seems to also have been using the wrong credentials that obviously did not have the required permissions.
We will now fix our plugin to locally provide the credentials/region and support EC2 IAM roles which i am preferring at this point