Closed snssays closed 8 months ago
Thank you for your report. Let me look in to this and get back to you. Would you be able to provide an example of how you are starting the gateway? A redacted settings file or docker run command would be helpful in diagnosing. At first glance it looks like no credentials are present based on the stack trace but I'll need to dig in further. Knowing how configuration is being provided would be helpful.
Yes not even access id, session token, security token. None are present. Instead that fetchCredentials method, I couldn't find where it's being called in sigv4.
I am using a fargate with ECS Approach. I used CDK and generated cloud formation template. I made sure that the task role has read/list permissions on bucket and bucket/*. I am not using a settings file, Instead I am using environment variables which are provided in CFTemplate by you guys.
I am using these env variables.
S3_BUCKET_NAME: mainBucketName,
S3_SERVER: `s3.${this.region}.amazonaws.com`,
S3_SERVER_PORT: '443',
S3_SERVER_PROTO: 'https',
S3_REGION: this.region,
S3_STYLE: 'default',
DEBUG: 'true',
AWS_SIGS_VERSION: '4',
ALLOW_DIRECTORY_LIST: 'true',
I am using your nginxinc/nginx-s3-gateway:latest-20231222 image. Using regular docker run <image-name>
It's working now. My health check path wasn't /health. I overrode it and I believe that was the default.
Glad to hear it! I'm going to close the issue for now. Please feel free to reopen if you feel there is an issue here. I'll take a look at that code to see if there can be a better error message in this case.
Describe the bug I have deployed the nginx-s3-gateway into AWS ECS container. Gave the ECS Task role the read permissions for the bucket. I am using sigv4 and it requires AWS_SESSION_TOKEN. Apparently ECS Task role doesn't populate AWS_SESSION_TOKEN. It populates only AWS_ACCESS_KEY_ID & AWS_SECRET_ACCESS_KEY. Because of that I am getting 404
To Reproduce I am following the template you guys provided for ECS
Expected behavior Session token needs to be populated and access to s3 should happen
Your environment
Additional context
Jan 11 10:38:06.593 mkdocs-s3-privatelink at sessionToken (/etc/nginx/include/awscredentials.js:83)
Jan 11 10:38:06.593 mkdocs-s3-privatelink 2024/01/11 16:38:06 [error] 74#74: *15 js exception: TypeError: cannot get property "sessionToken" of undefined
Jan 11 10:38:06.593 mkdocs-s3-privatelink at s3auth (/etc/nginx/include/s3gateway.js:184)
Jan 11 10:38:06.593 mkdocs-s3-privatelink at signatureV4 (/etc/nginx/include/awssig4.js:51)