S3 status code 400 error when attempting :push

Hi,

I’ve been receiving the following error for the last 4 days on a branch/git repo that was previously working fine for the prior week. I’ve tried resetting the head ptr to a commit that also is currently deployed and yet I still get the same error (so it isn’t due to code changes). Nothing else that I know of about my system has changed and I am able to use the “personal” AWS profile to issue aws s3 --profile personal ls successfully.

Thanks for any help you may offer.

11:18 $ clojure -A:dev -m datomic.ion.dev '{:op :push :creds-profile "personal"}' 

{:command-failed "{:op :push :creds-profile \"personal\"}",
 :causes
 ({:message
   "Bad Request (Service: Amazon S3; Status Code: 400; Error Code: 400 Bad Request; Request ID: AE90D5739A1ECD5D; S3 Extended Request ID: QyJRrZ1QVVb4u80jvwRoyd2MtyPHJj9nXsMNTWRRpQZks0D3+QEzsBIUns+IDwIbgIu15m4Ba6E=)",
   :class AmazonS3Exception})}

Anyone?

I’ve also tried rotating my access key and creating an IAM admin user and using his access key/secret access key combo to no avail. Doesn’t seem to be permissions related…

What region are you doing all your stuff in?

us-east-1. I tried explicitly adding region to the command as well.

I would suggest filing a support ticket with AWS Support that includes the Request ID and Extended Request ID, asking if they can provide more detail as to the nature of the request failure.

I found a workaround:

-. export the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY values specified under the “personal” section of my ~/.aws/credentials.

Apparently something is broken with :creds-profile.

Also, aws s3 --profile personal cp ... worked just fine with the credentials as they were stored in the ~/.aws/credentials file (without exporting the env vars).

Hi Johanatan,

I’m glad you got it sorted. I will look into the :creds-profile option to see if I can identify any issues.

Marshall,
It does seem like something is not working with :creds-profile. I am able to specify my non-default profile for both the socks proxy and in the client api connection config, but I have never gotten it to work with :creds-profile in the ions functions. If I replace my credentials file with a file with just the [default] profile, my credentials work for for pushing.

Hi all,
I tripped upon the same issue and had to do as caleb did (rotating the profiles in my credentials file to put the desired one in the default slot).

This is very unfortunate and I wonder if anybody got non-default profile selection working while pushing, and how.

In fact, I was wrong - I get many warnings but the operation succeeds.