S3 media saves gazillions of "AccessDenied" xmls

The Discourse works very well, media on S3 works very well. However I just noticed that the S3 bucket has thousands of small files saved every day like this:

The content of each file looks like this:

<Error>
<Code>AccessDenied</Code>
<Message>Access Denied</Message>
<RequestId>VR5CF6C4VFAN</RequestId>
<HostId>OVpQx+h2s8sE0UG/k9/x6//kAW+Lq8/MXnwYDr0gOxnz3phq/uv4BXEaVw0CQ=</HostId>
</Error>

Why is it happening?
Can I delete those files?

2 Likes

Those look like logs or backups. Are you able to download a file from the S3 dashboard directly (not via the public URL) and view their contents? That will direct you to what is generating them. :slight_smile:

2 Likes

This is the file directly from S3. Discourse saves these tiny xml files to the S3 bucket for some reason.

The media (images, PDFs, etc) on my Discourse is working well with no issues whatsoever.

EDIT:
Sorry I just realized what you were asking, this is the content of the file:

de8e8e3b4675asd1a459600d7606d06568b10b1e94ea61ec54c36ccef95dcf rsrbt [25/Sep/2020:18:08:42 +0000] 99.124.56.223 de8e8e3b46a459500d760068b15e410b1e94ea61ec54ccef95dcf 0FA4CAA473DCF77B REST.GET.CORS - "GET /rsrbt?cors= HTTP/1.1" 404 NoSuchCORSConfiguration 311 - 33 - "-" "S3Console/0.4, aws-internal/3 aws-sdk-java/1.11.783 Linux/4.9.217-0.1.ac.205.84.332.metal1.x86_64 OpenJDK_64-Bit_Server_VM/25.252-b09 java/1.8.0_252 vendor/Oracle_Corporation" - hQWfzngEbMCWnJf3y1ELQgUAJgUHvslvzl6ZXixF1xZlaT7UUXik2HK8ggU8= SigV4 ECDHE-RSA-AES128-SHA AuthHeader s3.us-east-2.amazonaws.com TLSv1.2
3 Likes

I think those are your server logs, based on the format.

Those documents show how to disable the feature, or delete the logs. :slight_smile:

The logs are not accessible to the public, hence the “Access Denied” messages.

3 Likes

@Alon1 I was just poking around in the upload settings when I noticed enable s3 inventory. I’ve never used that feature, but from the description…

Generate reports and verify uploads using Amazon S3 inventory. IMPORTANT: requires valid S3 credentials (both access key id & secret access key).

…and I thought of your directory of files. Another path to research, in case the S3 logs are not the ones described in the linked docs. :slight_smile:

3 Likes

For future reference if anyone else has this issue, the files were log files, to stop them go to your bucket properties tab on AWS
image
scroll down to server logging panel (and click Edit):


Then simply disable and save:

2 Likes