Marklogic backup from restapi to S3 permission denied and http

Question

MarkLogic 8.0-3.2 (v2)

I am running a successful backup to local disk without issue, however - setting the destination to S3 is failing. Permissions is not a problem whatsoever, this host has a role which is FullAccess and for good mesaure FullS3Access - I can manually put/get any object without issue.

Questions: Why is http://ml-backups- being called instead of S3:// even though the destination is set correctly.

curl -s --anyauth --user xxxxx:xxxx -X POST -i -H 'Content-type: application/json' http://localhost:8002/manage/v2/databases/xxxxx-xxxx -d '
{
  "operation": "backup-database",
  "forest": [
    "xxxxxx-xxxx-1"
  ],
  "backup-dir": "s3://ml-backups-xxxx/xxxxx",
  "lag-limit": 30
}'

2015-12-14 17:17:17.117 Info: Starting 1-forest database backup to s3://ml-backups-xxxxxx/xxxxxxxx/20151214-1717171175540, jobid=14000835336994627036

Error: Backup of forest xxxxxx-1 to s3://ml-backups-staging/xxxxx/xxxx/20151214-1717171175540, jobid=14000835336994627036 failed: SVC-S3ERR: S3 error: PUT 0 http://ml-backups-xxxx.s3-eu-west-1.amazonaws.com/xxxxx/20151214-1717171175540/ 403 Forbidden Code=AccessDenied Message="Access Denied" RequestId=1AD3711D3CACE92F HostId=aEyandwKoXrwU8TxMK6dVigtSy73DmyBXNDK0KkugrbXPzcD7BebIwqTqjk7OpJtbiNlIZ4+jIw= 2015-12-14 17:19:12.232 Error: 1-forest database backup to s3://ml-backups-xxxx/xxxxx/20151214-1717171175540, jobid=14000835336994627036 failed: SVC-FAILED: Failed

Answer 1

In the S3 Bucket Policy

ADD: "Sid": "AllowPublicRead"

The issue is, in the request to http/https is outside of your account and so your AWS Cred are not accessible, so adding the Read option and making sure obviously to lock the bucket to a grantee so its not actually public.