Skip to content
By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

Configure DMS S3 Target Endpoint for Requester Pays Bucket

0

I'm trying to configure an S3 Target Endpoint in DMS to insert load result files into a bucket with Requester Pays enabled in another AWS account. The IAM Role / Instance Profile has all the necessary S3 permissions (s3:*) granted to all resources, and when I disable the Requester Pays option on the bucket it works fine with the same Role, DMS Rules and exactly other settings. However, when I re-enable Requester Pays, it stops working and receive a 403 Access Denied error from S3. What parameter should I add on S3 Target Endpoint to make it work with a bucket with Requester Pays enabled? I couldn't find a solution in the AWS docs. Thanks.

Topics
Migration & ModernizationStorage
Tags
AWS Database Migration ServiceAmazon Simple Storage Service
Language
English
asked 10 months ago130 views
2 Answers
2

Please verify x-amz-request-payer header is included in the S3 Target Endpoint settings:

JSON

{ "requesterPaysEnabled": true }

EXPERT
answered 10 months ago
  • HL
    10 months ago

    Hi, thanks for your reply. However, that setting doesn't exist.

0

Hi,

The issue and its solution is fully detailled in https://repost.aws/knowledge-center/s3-cross-account-access-denied

You turned on Requester Pays for the bucket

If you turned on Requester Pays for your bucket, then users from other accounts must 
specify the request-payer parameter when sending requests to your bucket. Otherwise, 
those users get an Access Denied error.

To resolve this error, take the following actions:

For DELETE, GET, HEAD, POST, and PUT requests, include x-amz-request-payer : requester in the header.
For signed URLs, include x-amz-request-payer=requester in the request.
For AWS CLI commands, include the --request-payer parameter. Example:
$ aws s3 cp exampleobject.jpg s3://DOC-EXAMPLE-BUCKET/exampleobject.jpg --request-payer requester

I understand that DMS makes the access request on your behalf and that you may not be able to change. But, at least, you can verify that it is the root cause of your trouble and open a Support case in your account if DMS doesn't set this header.

Best,

Didier

EXPERT
answered 10 months ago
EXPERT
reviewed 10 months ago
  • HL
    10 months ago

    Hi, thanks for your reply. However, as I mentioned, the AWS documentation doesn't offer a solution for this case. Unfortunately, it seems that every customer who needs to use a bucket with the requester-pays option enabled has to open a support case. It would be greatly appreciated if AWS could fix this or explicitly state in the documentation that DMS is not compatible with S3 buckets configured with requester-pays. Thank you.

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Relevant content