S3 Authorization Header is Malformed

UpdraftPlus Home Forums Paid support forum – UpdraftPlus backup plugin S3 Authorization Header is Malformed

Tagged: , , , ,

Viewing 10 posts - 1 through 10 (of 10 total)
  • Author
    Posts
  • December 10, 2016 at 2:38 am #184215
    Benjamin
    Participant

    I get an error when trying to authenticate that prevent me from backing up to S3. I don’t see where the region is even selectable in S3, any insights why the error might be occurring?

    Thank you.

    2016-12-09_2138

    December 12, 2016 at 2:57 am #184434
    Benjamin
    Participant

    What S3 permission is required to permit UpdraftPlus to write objects to a bucket?

    I now have a policy with access but am unable to write to the bucket.

    Thank you.

    December 12, 2016 at 3:40 am #184435
    Benjamin
    Participant

    I tested your example on https://updraftplus.com/faqs/what-settings-should-i-use-for-amazon-s3-and-how-should-i-configure-my-amazon-s3-account/ for the S3 settings and get the malformed error. When I try this, I get the ability to list but not write. Any suggestions on what’s changed and what I must add to make it work?

    Thank you.

    {
    “Version”: “2012-10-17”,
    “Statement”: [
    {
    “Sid”: “AllowGroupToSeeAllBuckets”,
    “Action”: [
    “s3:ListAllMyBuckets”,
    “s3:GetBucketLocation”
    ],
    “Effect”: “Allow”,
    “Resource”: “arn:aws:s3:::*”
    },
    {
    “Sid”: “AllowRootLevelListingOfTheBackupBuckets”,
    “Action”: [
    “s3:ListBucket”,
    “s3:GetBucketLocation”,
    “s3:ListBucketMultipartUploads”
    ],
    “Effect”: “Allow”,
    “Resource”: “arn:aws:s3:::/intercept-site-backups/”
    },
    {
    “Sid”: “AllowListAccessToUserBackupBucket”,
    “Action”: [
    “s3:ListBucket”,
    “s3:GetBucketLocation”,
    “s3:ListBucketMultipartUploads”
    ],
    “Effect”: “Allow”,
    “Resource”: “arn:aws:s3:::/intercept-site-backups/${aws:username}/”
    },
    {
    “Sid”: “AllowUserSpecificActionsInBackupBucket”,
    “Effect”: “Allow”,
    “Action”: [
    “s3:AbortMultipartUpload”,
    “s3:DeleteObject”,
    “s3:DeleteObjectVersion”,
    “s3:GetObject”,
    “s3:GetObjectAcl”,
    “s3:GetObjectVersion”,
    “s3:GetObjectVersionAcl”,
    “s3:PutObject”,
    “s3:PutObjectAcl”,
    “s3:PutObjectAclVersion”
    ],
    “Resource”: “arn:aws:s3:::/intercept-site-backups/${aws:username}/*”
    },
    {
    “Sid”: “AllowUserAccessToAllBackupBucketObjects”,
    “Effect”: “Allow”,
    “Action”: “s3:ListAllMyBuckets”,
    “Resource”: “*”
    }
    ]
    }

    December 12, 2016 at 4:25 am #184440
    Benjamin
    Participant

    Here’s what I ended up with – get access but cannot write. The policy is a assigned to the group the user is added to and the user name is the same as the backup folder name.

    {
    “Version”: “2012-10-17”,
    “Statement”: [
    {
    “Sid”: “AllowGroupToSeeAllBuckets”,
    “Action”: [
    “s3:ListAllMyBuckets”,
    “s3:GetBucketLocation”
    ],
    “Effect”: “Allow”,
    “Resource”: “arn:aws:s3:::*”
    },
    {
    “Sid”: “AllowRootLevelListingOfTheBackupBuckets”,
    “Action”: [
    “s3:ListBucket”,
    “s3:GetBucketLocation”
    ],
    “Effect”: “Allow”,
    “Resource”: “arn:aws:s3:::/intercept-site-backups/”,
    “Condition”: {
    “StringEquals”: {
    “s3:prefix”: [
    “”
    ],
    “s3:delimiter”: [
    “/”
    ]
    }
    }
    },
    {
    “Sid”: “AllowUserListAccessToTheirBackupBucket”,
    “Action”: [
    “s3:ListBucket”,
    “s3:GetBucketLocation”,
    “s3:ListBucketMultipartUploads”
    ],
    “Effect”: “Allow”,
    “Resource”: “arn:aws:s3:::/intercept-site-backups/”,
    “Condition”: {
    “StringLike”: {
    “s3:prefix”: [
    “${aws:username}/*”
    ]
    }
    }
    },
    {
    “Sid”: “AllowUserFullAccessToTheirBackupBucket”,
    “Effect”: “Allow”,
    “Action”: “*”,
    “Resource”: “arn:aws:s3:::/intercept-site-backups/”,
    “Condition”: {
    “StringLike”: {
    “s3:prefix”: [
    “${aws:username}/*”
    ]
    }
    }
    }
    ]
    }

    December 12, 2016 at 7:44 pm #184590
    Dee Nutbourne
    Moderator

    Hi,

    Apologies for the delay.

    UpdraftPlus Premium has a setup wizard available for Amazon S3, which can be found in the AWS S3 remote storage settings.

    You can use this tool to create a new IAM user with the correct permissions. You can use either a new or existing bucket.

    Could you try setting up S3 with the wizard?

    Best Wishes,
    David N

    December 12, 2016 at 11:36 pm #184628
    Benjamin
    Participant

    David,

    I can’t find the wizard searching AWS, Google or in my UpdraftPlus account. Happy to give it a sot, how do I find it?

    December 12, 2016 at 11:45 pm #184631
    Benjamin
    Participant

    Ahhh, see the link in the settings, test driving now.

    December 13, 2016 at 12:16 am #184638
    Benjamin
    Participant

    It created the user with the policy but did not create the bucket, so I’m not sure if i left it off or it didn’t work correctly. How do I remove the IAM user account and try again?

    December 13, 2016 at 7:18 pm #184758
    Dee Nutbourne
    Moderator

    Hi,

    You can delete the IAM user through your AWS control panel, under the IAM service.

    The IAM credentials will be automatically overwritten in the UpdraftPlus settings after using the wizard again.

    Best Wishes,
    David N

    December 15, 2016 at 6:28 pm #185130
    Benjamin
    Participant

    David,

    The wizard worked perfectly and I used it to create a group that can be used to simplify the credentials process. Thank you for your AWESOME product and support.

  • Author
    Posts
Viewing 10 posts - 1 through 10 (of 10 total)
  • The topic ‘S3 Authorization Header is Malformed’ is closed to new replies.