S3 Authorization Header is Malformed

UpdraftPlus Home Forums Paid support forum – UpdraftPlus backup plugin S3 Authorization Header is Malformed

Viewing 10 posts - 1 through 10 (of 10 total)
  • Author
    Posts
  • #184215
    Benjamin
    Participant

    I get an error when trying to authenticate that prevent me from backing up to S3. I don’t see where the region is even selectable in S3, any insights why the error might be occurring?

    Thank you.

    2016-12-09_2138

    #184434
    Benjamin
    Participant

    What S3 permission is required to permit UpdraftPlus to write objects to a bucket?

    I now have a policy with access but am unable to write to the bucket.

    Thank you.

    #184435
    Benjamin
    Participant

    I tested your example on https://updraftplus.com/faqs/what-settings-should-i-use-for-amazon-s3-and-how-should-i-configure-my-amazon-s3-account/ for the S3 settings and get the malformed error. When I try this, I get the ability to list but not write. Any suggestions on what’s changed and what I must add to make it work?

    Thank you.

    {
    “Version”: “2012-10-17”,
    “Statement”: [
    {
    “Sid”: “AllowGroupToSeeAllBuckets”,
    “Action”: [
    “s3:ListAllMyBuckets”,
    “s3:GetBucketLocation”
    ],
    “Effect”: “Allow”,
    “Resource”: “arn:aws:s3:::*”
    },
    {
    “Sid”: “AllowRootLevelListingOfTheBackupBuckets”,
    “Action”: [
    “s3:ListBucket”,
    “s3:GetBucketLocation”,
    “s3:ListBucketMultipartUploads”
    ],
    “Effect”: “Allow”,
    “Resource”: “arn:aws:s3:::/intercept-site-backups/”
    },
    {
    “Sid”: “AllowListAccessToUserBackupBucket”,
    “Action”: [
    “s3:ListBucket”,
    “s3:GetBucketLocation”,
    “s3:ListBucketMultipartUploads”
    ],
    “Effect”: “Allow”,
    “Resource”: “arn:aws:s3:::/intercept-site-backups/${aws:username}/”
    },
    {
    “Sid”: “AllowUserSpecificActionsInBackupBucket”,
    “Effect”: “Allow”,
    “Action”: [
    “s3:AbortMultipartUpload”,
    “s3:DeleteObject”,
    “s3:DeleteObjectVersion”,
    “s3:GetObject”,
    “s3:GetObjectAcl”,
    “s3:GetObjectVersion”,
    “s3:GetObjectVersionAcl”,
    “s3:PutObject”,
    “s3:PutObjectAcl”,
    “s3:PutObjectAclVersion”
    ],
    “Resource”: “arn:aws:s3:::/intercept-site-backups/${aws:username}/*”
    },
    {
    “Sid”: “AllowUserAccessToAllBackupBucketObjects”,
    “Effect”: “Allow”,
    “Action”: “s3:ListAllMyBuckets”,
    “Resource”: “*”
    }
    ]
    }

    #184440
    Benjamin
    Participant

    Here’s what I ended up with – get access but cannot write. The policy is a assigned to the group the user is added to and the user name is the same as the backup folder name.

    {
    “Version”: “2012-10-17”,
    “Statement”: [
    {
    “Sid”: “AllowGroupToSeeAllBuckets”,
    “Action”: [
    “s3:ListAllMyBuckets”,
    “s3:GetBucketLocation”
    ],
    “Effect”: “Allow”,
    “Resource”: “arn:aws:s3:::*”
    },
    {
    “Sid”: “AllowRootLevelListingOfTheBackupBuckets”,
    “Action”: [
    “s3:ListBucket”,
    “s3:GetBucketLocation”
    ],
    “Effect”: “Allow”,
    “Resource”: “arn:aws:s3:::/intercept-site-backups/”,
    “Condition”: {
    “StringEquals”: {
    “s3:prefix”: [
    “”
    ],
    “s3:delimiter”: [
    “/”
    ]
    }
    }
    },
    {
    “Sid”: “AllowUserListAccessToTheirBackupBucket”,
    “Action”: [
    “s3:ListBucket”,
    “s3:GetBucketLocation”,
    “s3:ListBucketMultipartUploads”
    ],
    “Effect”: “Allow”,
    “Resource”: “arn:aws:s3:::/intercept-site-backups/”,
    “Condition”: {
    “StringLike”: {
    “s3:prefix”: [
    “${aws:username}/*”
    ]
    }
    }
    },
    {
    “Sid”: “AllowUserFullAccessToTheirBackupBucket”,
    “Effect”: “Allow”,
    “Action”: “*”,
    “Resource”: “arn:aws:s3:::/intercept-site-backups/”,
    “Condition”: {
    “StringLike”: {
    “s3:prefix”: [
    “${aws:username}/*”
    ]
    }
    }
    }
    ]
    }

    #184590
    Dee Nutbourne
    Moderator

    Hi,

    Apologies for the delay.

    UpdraftPlus Premium has a setup wizard available for Amazon S3, which can be found in the AWS S3 remote storage settings.

    You can use this tool to create a new IAM user with the correct permissions. You can use either a new or existing bucket.

    Could you try setting up S3 with the wizard?

    Best Wishes,
    David N

    #184628
    Benjamin
    Participant

    David,

    I can’t find the wizard searching AWS, Google or in my UpdraftPlus account. Happy to give it a sot, how do I find it?

    #184631
    Benjamin
    Participant

    Ahhh, see the link in the settings, test driving now.

    #184638
    Benjamin
    Participant

    It created the user with the policy but did not create the bucket, so I’m not sure if i left it off or it didn’t work correctly. How do I remove the IAM user account and try again?

    #184758
    Dee Nutbourne
    Moderator

    Hi,

    You can delete the IAM user through your AWS control panel, under the IAM service.

    The IAM credentials will be automatically overwritten in the UpdraftPlus settings after using the wizard again.

    Best Wishes,
    David N

    #185130
    Benjamin
    Participant

    David,

    The wizard worked perfectly and I used it to create a group that can be used to simplify the credentials process. Thank you for your AWESOME product and support.

Viewing 10 posts - 1 through 10 (of 10 total)
  • The topic ‘S3 Authorization Header is Malformed’ is closed to new replies.