S3 backend error

hi,
i have a problem configuring the s3 backend, and not sure what is wrong. I get the follow error no matter how i structure the config item for “audit_sessions_uri”. have tried with different bucket names with a simple name such as “teleportevents” or a fqdn bucket name.

INFO [S3] Setting up bucket “teleportevents”, sessions path “” in region “us-east-1”. s3sessions/s3handler.go:93

ERROR REPORT:
Original Error: *trace.BadParameterError NoCredentialProviders: no valid providers in chain. Deprecated.
For verbose messaging see aws.Config.CredentialsChainVerboseErrors
Stack Trace:
/gopath/src/github.com/gravitational/teleport/lib/events/s3sessions/s3handler.go:303 github.com/gravitational/teleport/lib/events/s3sessions.ConvertS3Error
User Message: NoCredentialProviders: no valid providers in chain. Deprecated.
For verbose messaging see aws.Config.CredentialsChainVerboseErrors, initialization failed

i can’t post the full stace trace because i’m a new user, and am limited to two links in a post.

my config -

teleport:
storage:
region: us-east-1
access_key: key
secret_key: secret
audit_sessions_uri: s3://teleportevents

my iam user currently has the aws default policy “AmazonS3FullAccess” for troubleshooting. didn’t work when i had a more restrictive policy with only get/put to the specific bucket.

i can get/put items to the s3 bucket using the access key with awscli.

if i change my storage type to dynamodb, teleport does create the table, so my access key should be good.

teleport starts up correctly if i use local storage only.

running teleport v4.0.9, ubuntu 18.04 ec2 instances.

Thoughts on what i’m doing wrong?

Thanks

Hi Dan,

Have you tried setting the AWS_SHARED_CREDENTIALS_FILE=/root/.aws/credentials environment variable?

Also remove the access_key and secret_key from config because Teleport doesn’t use the credentials set in the configuration for s3 connector, but uses the credentials set in ~/.aws/credentials

This topic was automatically closed 12 hours after the last reply. New replies are no longer allowed.