• JoeyDumont
    0
    Hi again!

    I am trying to add a destination to a storage account using the API. However, it seems like it's not authenticating to S3 properly.

    It works fine in the Management Console.

    Below you will find the role policy I made for the CloudBerry role in AWS, and the API response.

    Is there a problem on my end or on yours?

    Thanks!

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "ReadWriteObjectsFromNRCIPSpace",
                "Effect": "Allow",
                "Action": [
                    "s3:AbortMultipartUpload",
                    "s3:DeleteObject",
                    "s3:DeleteObjectTagging",
                    "s3:DeleteObjectVersion",
                    "s3:DeleteObjectVersionTagging",
                    "s3:GetAccelerateConfiguration",
                    "s3:GetAccountPublicAccessBlock",
                    "s3:GetAnalyticsConfiguration",
                    "s3:GetBucketAcl",
                    "s3:GetBucketCORS",
                    "s3:GetBucketLocation",
                    "s3:GetBucketPolicy",
                    "s3:GetBucketPublicAccessBlock",
                    "s3:GetBucketRequestPayment",
                    "s3:GetBucketTagging",
                    "s3:GetBucketVersioning",
                    "s3:GetEncryptionConfiguration",
                    "s3:GetInventoryConfiguration",
                    "s3:GetLifecycleConfiguration",
                    "s3:GetMetricsConfiguration",
                    "s3:GetObject",
                    "s3:GetObjectAcl",
                    "s3:GetObjectTagging",
                    "s3:GetObjectVersion",
                    "s3:GetObjectVersionAcl",
                    "s3:GetObjectVersionForReplication",
                    "s3:GetObjectVersionTagging",
                    "s3:GetReplicationConfiguration",
                    "s3:ListBucketByTags",
                    "s3:ListBucketMultipartUploads",
                    "s3:ListBucketVersions",
                    "s3:ListMultipartUploadParts",
                    "s3:PutAccelerateConfiguration",
                    "s3:PutEncryptionConfiguration",
                    "s3:PutLifecycleConfiguration",
                    "s3:PutObject",
                    "s3:PutObjectTagging",
                    "s3:PutObjectVersionTagging",
                    "s3:ReplicateDelete",
                    "s3:ReplicateObject",
                    "s3:ReplicateTags",
                    "s3:RestoreObject"
                ],
                "Resource": "*",
                "Condition": {
                    "ForAnyValue:IpAddress": {
                        "aws:SourceIp": [
                            "custom IP range 1",
                            "custom IP range 2"
                        ]
                    }
                }
            },
            {
                "Sid": "CloudBerryManagementConsoleListBuckets",
                "Effect": "Allow",
                "Action": [
                    "s3:HeadBucket",
                    "s3:ListAllMyBuckets",
                    "s3:ListBucket"
                ],
                "Resource": "*"
            }
        ]
    }
    


    Here's the response:
    {'ExceptionMessage': 'The security token included in the request is invalid.',
     'ExceptionType': 'CloudBerryLab.Base.Exceptions.Status403Exception',
     'InnerException': {'ExceptionMessage': 'The security token included in the '
                                            'request is invalid.',
                        'ExceptionType': 'CloudBerryLab.S3Client.STS.STSWebException',
                        'InnerException': {'ExceptionMessage': 'The remote server '
                                                               'returned an error: '
                                                               '(403) Forbidden.',
                                           'ExceptionType': 'System.Net.WebException',
                                           'Message': 'An error has occurred.',
                                           'StackTrace': '   at '
                                                         'System.Net.HttpWebRequest.GetResponse()\r\n'
                                                         '   at '
                                                         'CloudBerryLab.Base.HttpUtil.Light.LightWebClient.ExecRequestImmediate(LightWebRequestProps '
                                                         'webRequestData)'},
                        'Message': 'An error has occurred.',
                        'StackTrace': None},
     'Message': 'An error has occurred.',
     'StackTrace': '   at '
                   'CloudBerryLab.Base.HttpUtil.Light.LightWebClient.ExecRequestAndThrowStorageSpecificException(LightWebRequestProps '
                   'webRequestData)\r\n'
                   '   at '
                   'CloudBerryLab.Base.HttpUtil.Light.LightWebClient.DoRetries(LightWebRequestProps '
                   'webRequestData)\r\n'
                   '   at '
                   'CloudBerryLab.Base.HttpUtil.Light.LightHttpClient.HandleRedirects(LightWebRequestProps '
                   'webRequestData)\r\n'
                   '   at '
                   'CloudBerryLab.Base.HttpUtil.Light.LightHttpClient.ExecRequestAndHandleSmartDelays(LightWebRequestProps '
                   'webRequestProps)\r\n'
                   '   at CloudBerryLab.S3Client.STS.STSClient.AssumeRole(String '
                   'roleSessionName, String roleARN, Int32 durationSeconds, String '
                   'policy, String externalID, ICancelable cancelable)\r\n'
                   '   at '
                   'CloudBerryLab.S3Client.Security.AmazonAuthService.GetAssumedRoleCredentials(S3Settings '
                   's3Settings, ICancelable cancelable)\r\n'
                   '   at '
                   'CloudBerryLab.S3Client.Security.AmazonAuthService.GenerateNewToken(ICancelable '
                   'cancelable)\r\n'
                   '   at '
                   'CloudBerryLab.Client.Security.AuthServiceBase.GetToken(ICancelable '
                   'sync)\r\n'
                   '   at '
                   'CloudBerryLab.S3Client.S3.LightS3Client.AuthorizeRequest(WebRequest '
                   'request, LightWebRequestProps webRequestProps)\r\n'
                   '   at '
                   'CloudBerryLab.Base.HttpUtil.Light.LightWebClient.ExecRequestImmediate(LightWebRequestProps '
                   'webRequestData)\r\n'
                   '   at '
                   'CloudBerryLab.Base.HttpUtil.Light.LightWebClient.ExecRequestAndThrowStorageSpecificException(LightWebRequestProps '
                   'webRequestData)\r\n'
                   '   at '
                   'CloudBerryLab.Base.HttpUtil.Light.LightWebClient.DoRetries(LightWebRequestProps '
                   'webRequestData)\r\n'
                   '   at '
                   'CloudBerryLab.Base.HttpUtil.Light.LightHttpClient.HandleRedirects(LightWebRequestProps '
                   'webRequestData)\r\n'
                   '   at '
                   'CloudBerryLab.Base.HttpUtil.Light.LightHttpClient.ExecRequestAndHandleSmartDelays(LightWebRequestProps '
                   'webRequestProps)\r\n'
                   '   at '
                   'CloudBerryLab.S3Client.S3.LightS3Client.ListBuckets(ICancelable '
                   'cancelable)\r\n'
                   '   at '
                   'CloudBerryLab.S3Client.S3.S3ConnectionLight.ListBuckets(ICancelable '
                   'cancelable)\r\n'
                   '   at '
                   'CloudBerryLab.S3Client.IO.S3Folder.InitializeItems(Boolean '
                   'forceDescendants, Boolean doNotCreateFolders, String '
                   'searchPattern, StreamSync streamSync)\r\n'
                   '   at CloudBerryLab.S3Client.IO.S3Folder.GetDirectories(String '
                   'searchPattern, SearchOption searchOption)\r\n'
                   '   at '
                   'CloudBerryLab.Backup.Engine.Cloud.Connection.BaseConnection.GetRootFolders()\r\n'
                   '   at '
                   'CloudBerryLab.Web.MBS.Utils.CloudHelper.CloudHelper.GetBucketList(String '
                   'servicePoint, Boolean create)\r\n'
                   '   at '
                   'MBSAPImvc.Engine.Controllers.AccountsEngine.AddDestinationAccountInternal(DestinationOfAccountCreate '
                   'destination, MBSProvider provider, String& location)\r\n'
                   '   at '
                   'MBSAPImvc.Controllers.AccountsController.AddDestinationAccount(DestinationOfAccountCreate '
                   'destination)'}
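
Added example (not part of the original post, and not CloudBerry's code): Python that unwinds the nested `InnerException` chain of a response like the one above and reports the first stack frame above the generic HTTP layers, which for this error is `STSClient.AssumeRole`. `RESPONSE` is the posted error with the outer stack trace shortened; the function names and the `PLUMBING` prefix list are assumptions made for the example.

```python
import re

# Constructed sample: the response from the post, with the outer stack trace
# shortened to a few of its frames (same order, same text).
RESPONSE = {
    "ExceptionMessage": "The security token included in the request is invalid.",
    "ExceptionType": "CloudBerryLab.Base.Exceptions.Status403Exception",
    "InnerException": {
        "ExceptionMessage": "The security token included in the request is invalid.",
        "ExceptionType": "CloudBerryLab.S3Client.STS.STSWebException",
        "InnerException": {
            "ExceptionMessage": "The remote server returned an error: (403) Forbidden.",
            "ExceptionType": "System.Net.WebException",
            "StackTrace": "   at System.Net.HttpWebRequest.GetResponse()",
        },
        "StackTrace": None,
    },
    "StackTrace": "\r\n".join([
        "   at CloudBerryLab.Base.HttpUtil.Light.LightWebClient.DoRetries(LightWebRequestProps webRequestData)",
        "   at CloudBerryLab.S3Client.STS.STSClient.AssumeRole(String roleSessionName, String roleARN, Int32 durationSeconds, String policy, String externalID, ICancelable cancelable)",
        "   at CloudBerryLab.S3Client.Security.AmazonAuthService.GetAssumedRoleCredentials(S3Settings s3Settings, ICancelable cancelable)",
        "   at CloudBerryLab.S3Client.S3.LightS3Client.ListBuckets(ICancelable cancelable)",
    ]),
}

FRAME_RE = re.compile(r"^\s*at\s+([\w.`<>]+)\(", re.MULTILINE)
PLUMBING = ("System.", "CloudBerryLab.Base.HttpUtil.")  # assumed generic HTTP layers

def exception_chain(resp):
    """Exception types from the outermost error to the innermost InnerException."""
    chain = []
    while isinstance(resp, dict):
        chain.append(resp.get("ExceptionType"))
        resp = resp.get("InnerException")
    return chain

def frames(resp):
    """Method names from a .NET stack trace string, most recent call first."""
    return FRAME_RE.findall(resp.get("StackTrace") or "")

def failing_operation(resp):
    """First frame above the HTTP plumbing: the operation that raised."""
    return next((f for f in frames(resp) if not f.startswith(PLUMBING)), None)

def raised_during_assume_role(resp):
    """True when the error surfaced in the STS client rather than in an S3 call."""
    op = failing_operation(resp) or ""
    return ".STS." in op or any(".STS." in (t or "") for t in exception_chain(resp))
```
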
    


  • Matt (Accepted Answer)
    91
    Don't really see anything unusual with that role, so it's better to send an email to regarding issues like that.
  • JoeyDumont
    0
    Noted, and done, thanks!