I am setting up an S3 multi-region access point following the tutorial (https://aws.amazon.com/getting-started/hands-on/getting-started-with-amazon-s3-multi-region-access-points/?ref=docs_gateway/amazons3/MultiRegionAccessPoints.html). I have the access point created with two buckets, and no policies on anything.
Using aws s3api list-objects-v2 --bucket arn:aws:s3::<account_id>:accesspoint/<mrap_id>.mrap, I can list the bucket contents when I am using my AWS credentials with full AWS administrator access.
However, when I use other credentials where I have assumed a role with full administrator access, that same command fails with an internal error from the remote server. All other AWS APIs are working, so I believe the credentials and the role setup are all working. aws sts get-caller-identity completes as expected.
$ aws s3api list-objects-v2 --bucket arn:aws:s3::<account_id>:accesspoint/<mrap_id>.mrap
An error occurred (InternalError) when calling the ListObjectsV2 operation (reached max retries: 2): We encountered an internal error. Please try again.
With --debug it shows:
2023-08-17 15:42:35,441 - MainThread - urllib3.connectionpool - DEBUG - Starting new HTTPS connection (1): <mrap_id>.mrap.accesspoint.s3-global.amazonaws.com:443
2023-08-17 15:42:35,581 - MainThread - urllib3.connectionpool - DEBUG - https://<mrap_id>.mrap.accesspoint.s3-global.amazonaws.com:443 "GET /?list-type=2&encoding-type=url HTTP/1.1" 500 None
2023-08-17 15:42:35,582 - MainThread - botocore.parsers - DEBUG - Response headers: {'x-amz-request-id': 'EQCR0HKFWSEZHZSA', 'x-amz-id-2': 'laOL3jvJ01lzN7PeFMZ59KL7u8k/7DrVzP91tq+aRQAomhu5EfTTsW2Iq8KQv10FH12KWBzWpn4=', 'Content-Type': 'application/xml', 'Transfer-Encoding': 'chunked', 'Date': 'Thu, 17 Aug 2023 05:42:34 GMT', 'Server': 'AmazonS3', 'Connection': 'close'}
2023-08-17 15:42:35,582 - MainThread - botocore.parsers - DEBUG - Response body:
b'<?xml version="1.0" encoding="UTF-8"?>\n<Error><Code>InternalError</Code><Message>We encountered an internal error. Please try again.</Message><RequestId>EQCR0HKFWSEZHZSA</RequestId><HostId>laOL3jvJ01lzN7PeFMZ59KL7u8k/7DrVzP91tq+aRQAomhu5EfTTsW2Iq8KQv10FH12KWBzWpn4=</HostId></Error>'
I have the latest CLI version: aws-cli/2.13.10 Python/3.11.4 Linux/6.1.0-10-amd64 exe/x86_64.debian.12 prompt/off
Am I doing something wrong or is this a bug?
Thanks, it works when I use a regional STS endpoint.