S3 status code 400 error when attempting :push


#1

Hi,

I’ve been receiving the following error for the last 4 days on a branch/git repo that was previously working fine for the prior week. I’ve tried resetting the head ptr to a commit that also is currently deployed and yet I still get the same error (so it isn’t due to code changes). Nothing else that I know of about my system has changed and I am able to use the “personal” AWS profile to issue aws s3 --profile personal ls successfully.

Thanks for any help you may offer.

11:18 $ clojure -A:dev -m datomic.ion.dev '{:op :push :creds-profile "personal"}' 

{:command-failed "{:op :push :creds-profile \"personal\"}",
 :causes
 ({:message
   "Bad Request (Service: Amazon S3; Status Code: 400; Error Code: 400 Bad Request; Request ID: AE90D5739A1ECD5D; S3 Extended Request ID: QyJRrZ1QVVb4u80jvwRoyd2MtyPHJj9nXsMNTWRRpQZks0D3+QEzsBIUns+IDwIbgIu15m4Ba6E=)",
   :class AmazonS3Exception})}

#2

Anyone?

I’ve also tried rotating my access key and creating an IAM admin user and using his access key/secret access key combo to no avail. Doesn’t seem to be permissions related…


#3

What region are you doing all your stuff in?


#4

us-east-1. I tried explicitly adding region to the command as well.


#5

I would suggest filing a support ticket with AWS Support that includes the Request ID and Extended Request ID, asking if they can provide more detail as to the nature of the request failure.


#6

I found a workaround:

-. export the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY values specified under the “personal” section of my ~/.aws/credentials.

Apparently something is broken with :creds-profile.


#7

Also, aws s3 --profile personal cp ... worked just fine with the credentials as they were stored in the ~/.aws/credentials file (without exporting the env vars).


#8

Hi Johanatan,

I’m glad you got it sorted. I will look into the :creds-profile option to see if I can identify any issues.


#9

Marshall,
It does seem like something is not working with :creds-profile. I am able to specify my non-default profile for both the socks proxy and in the client api connection config, but I have never gotten it to work with :creds-profile in the ions functions. If I replace my credentials file with a file with just the [default] profile, my credentials work for for pushing.