awslabs/mountpoint-s3-csi-driver

Input/output error while accessing S3 file

pch05 opened this issue · 2 comments

Hello,

It seems I encountered a similar issue:
I've mounted my s3 bucket with this command: mount-s3 <bucket_name> <directory_to_associate>

It works and I can list files and repositories on the bucket from my instance.
But when I run the 'cat' command, for example, on one of these files, I get this issue:
cat: <filename>: Input/output error

If I try to get the file on my laptop with the aws s3 command, it works and I can read the content of the file.

This is the policy I've applied to my instance to access bucket:

{
	"Version": "2012-10-17",
	"Statement": [
		{
			"Action": [
				"s3:*"
			],
			"Effect": "Allow",
			"Resource": "<bucket_arn>"
		}
	]
}

I hope my question helps and is in the right place.
Thank you

Originally posted by @pch05 in #142 (comment)

Hey @pch05,

Regarding the value for <bucket_arn> you are using for your policy: is it just the straightforward ARN like arn:aws:s3:::<BUCKET_NAME>? For object-level operations like GetObject, which will be used when performing the cat command, you need to use an object ARN like arn:aws:s3:::<BUCKET_NAME>/*.

You can verify this is the issue by using AWS CLI to read the object so long as it uses the same credential source. You should see something like aws s3 ls s3://<BUCKET_NAME>/ succeed while aws s3 cp s3://<BUCKET_NAME>/<FILE_NAME> - fail.

More details on S3 permissions are available here: https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-policy-language-overview.html

Thanks for your answer.

Yes, the ARN I'm using is like: arn:aws:s3:::<BUCKET_NAME>.

Like you said, I've tried this policy:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:GetObject",
                "s3:GetBucketLocation",
                "s3:ListBucket"
            ],
            "Resource": [
                "${bucket_arn}",
                "${bucket_arn}/*"
            ]
        }
    ]
}

It's working properly now, thanks a lot!
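
The mismatch discussed in this thread can be checked offline. The following is an added example, not part of the original thread or the project's code: a small evaluator that tests whether a policy's Allow statements cover `s3:ListBucket` on the bucket ARN and `s3:GetObject` on an object ARN. The bucket name `example-bucket`, the key, and both policy constants are constructed; Deny statements and Condition blocks are ignored as a simplification.

```python
import fnmatch

def _as_list(value):
    """IAM accepts a single string or a list for Action and Resource."""
    return value if isinstance(value, list) else [value]

def is_allowed(policy, action, arn):
    """True if some Allow statement matches both the action and the ARN.

    Assumption: Deny, NotAction/NotResource and Condition are not evaluated.
    """
    for stmt in _as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        # Action names are case-insensitive; resource ARNs are case-sensitive.
        action_ok = any(fnmatch.fnmatchcase(action.lower(), p.lower())
                        for p in _as_list(stmt.get("Action", [])))
        resource_ok = any(fnmatch.fnmatchcase(arn, p)
                          for p in _as_list(stmt.get("Resource", [])))
        if action_ok and resource_ok:
            return True
    return False

def check_mount_access(policy, bucket, key):
    """Evaluate listing (bucket ARN) and reading (object ARN) separately."""
    bucket_arn = f"arn:aws:s3:::{bucket}"
    return {
        "list": is_allowed(policy, "s3:ListBucket", bucket_arn),
        "read": is_allowed(policy, "s3:GetObject", f"{bucket_arn}/{key}"),
    }

# Constructed policies mirroring the two shapes posted in the thread.
ORIGINAL_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:*"],
     "Resource": "arn:aws:s3:::example-bucket"}]}
FIXED_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow",
     "Action": ["s3:GetObject", "s3:GetBucketLocation", "s3:ListBucket"],
     "Resource": ["arn:aws:s3:::example-bucket",
                  "arn:aws:s3:::example-bucket/*"]}]}

if __name__ == "__main__":
    for name, pol in (("original", ORIGINAL_POLICY), ("fixed", FIXED_POLICY)):
        print(name, check_mount_access(pol, "example-bucket", "dir/file.txt"))
```
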