Amazon AWS S3 IAM Policy

Authoritarian

• December 21, 2014 12:45

I'm trying to setup cPanel backup to authenticate as an AWS IAM user (as opposed to using the root keys). Here's the policy I'm trying to use the following policy for the cpanelwebserverbackup bucket:
{ "Version": "2008-10-17", "Id": "cPanelPolicy", "Statement": [ { "Sid": "cPanelPolicy", "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::############:user/cpanel" }, "Action": "s3:*", "Resource": "arn:aws:s3:::cpanelwebserverbackup" } ] }
But I have not been able to get this working. The above results in:
Error: Validation for transport "Amazon S3" failed: Could not upload test file: AccessDenied: Access Denied
Now if I instead try to attach a policy to the IAM user such as below, I get the same result.
{ "Statement": [ { "Sid": "cPanelBackup", "Action": "s3:*", "Effect": "Allow", "Resource": "arn:aws:s3:::cpanelwebserverbackup" } ] }
Anyone here willing to share a configuration they've rigged up the backup storage on S3 with an IAM user?

• 

  cPanelMichael

  • January 05, 2015 13:07

  Hello :) I reviewed ticket number 5861193 that you opened with us. You may want to check with Amazon's support to see if there are any configuration changes you can make from their side to allow the authentication to succeed. Thank you.

  0
• 

  Glexia

  • December 28, 2015 14:51

  I am having the exact same issue. They say it's a cPanel problem. Did you ever get a solution?

  0
• 

  cPanelMichael

  • December 28, 2015 15:17

  New I am having the exact same issue. They say it's a cPanel problem. Did you ever get a solution?

  
  Hello :) Could you provide more information about the response you received from Amazon? Thank you.

  0
• 

  Glexia

  • December 28, 2015 17:01

  Hi, They had me independently test the API using the same credentials used in cPanel and I was able to deploy files. They told me that since I am able to deploy files using my own API into the S3 then all permissions are correct and it has to be an issue on the cPanel software side. To clarify -- I created a simple test application and used the same credentials and settings used in cPanel to save a file into S3. The file was successfully saved. Regards, Michael

  0
• 

  Glexia

  • December 28, 2015 17:06

  Additionally, the cPanel/WHM server does indeed *successfully* log into S3 (per logs on Amazon), but then gives the error "Error: Validation for transport "Amazon S3" failed: Could not upload test file: AccessDenied: Access Denied"

  0
• 

  cPanelMichael

  • February 02, 2016 20:37

  Additionally, the cPanel/WHM server does indeed *successfully* log into S3 (per logs on Amazon), but then gives the error "Error: Validation for transport "Amazon S3" failed: Could not upload test file: AccessDenied: Access Denied"

  
  Feel free to open your own support ticket for this issue using the link in my signature. Ensure you include the response you received from Amazon's support, and post the ticket number here. Thank you.

  0

Please sign in to leave a comment.