403 forbidden on s3://snowplow-hosted-assets


#1

Didn’t want to hijack Phil’s thread, but I believe I’m having the same issue from ap-southeast-2. Would anyone be able to confirm?

Unexpected error: Expected(200) <=> Actual(403 Forbidden)
excon.error.response
  :body          => "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>78D05CD27585AF4B</RequestId><HostId>xASPF1IGxUzvOTmNF/YNJlztuI57my2/WHnNuZM+jpWBQKrUsbmDeRl19ssp8rDL79nosEfyKrc=</HostId></Error>"
  :cookies       => [
  ]
  :headers       => {
    "Content-Type"        => "application/xml"
    "Date"                => "Wed, 13 Sep 2017 03:31:55 GMT"
    "Server"              => "AmazonS3"
    "x-amz-bucket-region" => "ap-southeast-2"
    "x-amz-id-2"          => "xASPF1IGxUzvOTmNF/YNJlztuI57my2/WHnNuZM+jpWBQKrUsbmDeRl19ssp8rDL79nosEfyKrc="
    "x-amz-request-id"    => "78D05CD27585AF4B"
  }
  :host          => "snowplow-hosted-assets-ap-southeast-2.s3-ap-southeast-2.amazonaws.com"
  :local_address => "10.10.22.45"
  :local_port    => 55796
  :path          => "/"
  :port          => 443
  :reason_phrase => "Forbidden"
  :remote_ip     => "52.95.131.42"
  :status        => 403
  :status_line   => "HTTP/1.1 403 Forbidden\r\n"

#2

This can happen as a result of a weird quirk with IAM users inside a VPC. In that case you need to add a policy explicitly allowing the user to access snowplow-hosted-assets like you would your own (private) bucket.


#3

That totally fixed it! Thank you very much!
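
An identity policy of the kind reply #2 describes, added here as an illustration and not taken from the thread or from Snowplow's documentation. The bucket names come from the thread title and the host in the failing request. The read-only action set is an assumption: `s3:ListBucket` covers the `GET /` bucket listing that returned 403, and `s3:GetObject` covers fetching the assets themselves.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ListSnowplowHostedAssets",
      "Effect": "Allow",
      "Action": "s3:ListBucket",
      "Resource": [
        "arn:aws:s3:::snowplow-hosted-assets",
        "arn:aws:s3:::snowplow-hosted-assets-ap-southeast-2"
      ]
    },
    {
      "Sid": "ReadSnowplowHostedAssets",
      "Effect": "Allow",
      "Action": "s3:GetObject",
      "Resource": [
        "arn:aws:s3:::snowplow-hosted-assets/*",
        "arn:aws:s3:::snowplow-hosted-assets-ap-southeast-2/*"
      ]
    }
  ]
}
```

`s3:ListBucket` is evaluated against the bucket ARN and `s3:GetObject` against the object ARN (`/*`), so the two statements cannot be merged onto a single resource pattern. Keeping the grant to these two read actions avoids widening the user to `s3:*` on buckets it does not own.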