UpdraftPlus Home › Forums › Paid support forum – UpdraftPlus backup plugin › S3 Authorization Header is Malformed
Tagged: error, header, malformed, S3, wrong region
- This topic has 9 replies, 2 voices, and was last updated 7 years, 11 months ago by Benjamin.
-
AuthorPosts
-
December 10, 2016 at 2:38 am #184215BenjaminParticipantDecember 12, 2016 at 2:57 am #184434BenjaminParticipant
What S3 permission is required to permit UpdraftPlus to write objects to a bucket?
I now have a policy with access but am unable to write to the bucket.
Thank you.
December 12, 2016 at 3:40 am #184435BenjaminParticipantI tested your example on https://updraftplus.com/faqs/what-settings-should-i-use-for-amazon-s3-and-how-should-i-configure-my-amazon-s3-account/ for the S3 settings and get the malformed error. When I try this, I get the ability to list but not write. Any suggestions on what’s changed and what I must add to make it work?
Thank you.
{
“Version”: “2012-10-17”,
“Statement”: [
{
“Sid”: “AllowGroupToSeeAllBuckets”,
“Action”: [
“s3:ListAllMyBuckets”,
“s3:GetBucketLocation”
],
“Effect”: “Allow”,
“Resource”: “arn:aws:s3:::*”
},
{
“Sid”: “AllowRootLevelListingOfTheBackupBuckets”,
“Action”: [
“s3:ListBucket”,
“s3:GetBucketLocation”,
“s3:ListBucketMultipartUploads”
],
“Effect”: “Allow”,
“Resource”: “arn:aws:s3:::/intercept-site-backups/”
},
{
“Sid”: “AllowListAccessToUserBackupBucket”,
“Action”: [
“s3:ListBucket”,
“s3:GetBucketLocation”,
“s3:ListBucketMultipartUploads”
],
“Effect”: “Allow”,
“Resource”: “arn:aws:s3:::/intercept-site-backups/${aws:username}/”
},
{
“Sid”: “AllowUserSpecificActionsInBackupBucket”,
“Effect”: “Allow”,
“Action”: [
“s3:AbortMultipartUpload”,
“s3:DeleteObject”,
“s3:DeleteObjectVersion”,
“s3:GetObject”,
“s3:GetObjectAcl”,
“s3:GetObjectVersion”,
“s3:GetObjectVersionAcl”,
“s3:PutObject”,
“s3:PutObjectAcl”,
“s3:PutObjectAclVersion”
],
“Resource”: “arn:aws:s3:::/intercept-site-backups/${aws:username}/*”
},
{
“Sid”: “AllowUserAccessToAllBackupBucketObjects”,
“Effect”: “Allow”,
“Action”: “s3:ListAllMyBuckets”,
“Resource”: “*”
}
]
}December 12, 2016 at 4:25 am #184440BenjaminParticipantHere’s what I ended up with – get access but cannot write. The policy is a assigned to the group the user is added to and the user name is the same as the backup folder name.
{
“Version”: “2012-10-17”,
“Statement”: [
{
“Sid”: “AllowGroupToSeeAllBuckets”,
“Action”: [
“s3:ListAllMyBuckets”,
“s3:GetBucketLocation”
],
“Effect”: “Allow”,
“Resource”: “arn:aws:s3:::*”
},
{
“Sid”: “AllowRootLevelListingOfTheBackupBuckets”,
“Action”: [
“s3:ListBucket”,
“s3:GetBucketLocation”
],
“Effect”: “Allow”,
“Resource”: “arn:aws:s3:::/intercept-site-backups/”,
“Condition”: {
“StringEquals”: {
“s3:prefix”: [
“”
],
“s3:delimiter”: [
“/”
]
}
}
},
{
“Sid”: “AllowUserListAccessToTheirBackupBucket”,
“Action”: [
“s3:ListBucket”,
“s3:GetBucketLocation”,
“s3:ListBucketMultipartUploads”
],
“Effect”: “Allow”,
“Resource”: “arn:aws:s3:::/intercept-site-backups/”,
“Condition”: {
“StringLike”: {
“s3:prefix”: [
“${aws:username}/*”
]
}
}
},
{
“Sid”: “AllowUserFullAccessToTheirBackupBucket”,
“Effect”: “Allow”,
“Action”: “*”,
“Resource”: “arn:aws:s3:::/intercept-site-backups/”,
“Condition”: {
“StringLike”: {
“s3:prefix”: [
“${aws:username}/*”
]
}
}
}
]
}December 12, 2016 at 7:44 pm #184590Dee NutbourneModeratorHi,
Apologies for the delay.
UpdraftPlus Premium has a setup wizard available for Amazon S3, which can be found in the AWS S3 remote storage settings.
You can use this tool to create a new IAM user with the correct permissions. You can use either a new or existing bucket.
Could you try setting up S3 with the wizard?
Best Wishes,
David NDecember 12, 2016 at 11:36 pm #184628BenjaminParticipantDavid,
I can’t find the wizard searching AWS, Google or in my UpdraftPlus account. Happy to give it a sot, how do I find it?
December 12, 2016 at 11:45 pm #184631BenjaminParticipantAhhh, see the link in the settings, test driving now.
December 13, 2016 at 12:16 am #184638BenjaminParticipantIt created the user with the policy but did not create the bucket, so I’m not sure if i left it off or it didn’t work correctly. How do I remove the IAM user account and try again?
December 13, 2016 at 7:18 pm #184758Dee NutbourneModeratorHi,
You can delete the IAM user through your AWS control panel, under the IAM service.
The IAM credentials will be automatically overwritten in the UpdraftPlus settings after using the wizard again.
Best Wishes,
David NDecember 15, 2016 at 6:28 pm #185130BenjaminParticipantDavid,
The wizard worked perfectly and I used it to create a group that can be used to simplify the credentials process. Thank you for your AWESOME product and support.
-
AuthorPosts
- The topic ‘S3 Authorization Header is Malformed’ is closed to new replies.