s3fs_check_service: invalid credentials - result of checking service

Question

I am using s3fs for mounting wrt to s3 bucket

My S3 bucket is AES256 Encrypted

The mount command is

s3fs -o dbglevel=info -o allow_other  -o use_sse=1 -o use_cache=/tmp bucketname /s3mnt 

Doing so I don't get any error message, but the mount is not happening

/var/log/messages

has these error

s3fs.cpp:s3fs_check_service(3765): invalid credentials - result of checking service

Apr 14 12:23:31 ip-10-245-10-14 s3fs[74691]: curl.cpp:CheckBucket(2899): Check bucket failed, S3 response:

<?xml version="1.0" encoding="UTF-8"?>
<Error>
  <Code>AccessDenied</Code>
  <Message>Access Denied</Message>
  <RequestId>2F78B1BC9AC11266</RequestId>
  <HostId>lonyfl8DX8DQBnOOqouDwWi7PYzwiXZl3LEWOiCjY39PlLMGnfBGWhvSRoF4UGLVCCdfkHVxxa4=</HostId>
</Error>

Any help?

Answer 1

I got the same issue, when checking the logs using -d parameter in command to get more detailed log., found that the datetime was wrong The difference between the request time and the current time is too large.

after correcting the datetime using the below command the issue is resolved.

timedatectl set-timezone UTC

Answer 2

Adding url=https://s3.{AWS::Region}.amazon.com in the fstab entry solved my issue.

Answer 3

If you're thinking that you're going nuts after having the right policies and credentials: They ARE probably correct! But is your bucket in a region other than the default us-east-1?

Because if it is, your credentials get lost in redirects...

Looks like we loose auth data following redirects. Adding url param like -o url="https://s3-eu-west-1.amazonaws.com" fixes the problem.

Source: 1. https://github.com/s3fs-fuse/s3fs-fuse/issues/721 2. https://github.com/s3fs-fuse/s3fs-fuse/issues/721#issuecomment-382353844

Answer 4

Amazon emits this error with incorrect credentials. Make sure your $HOME/.passwd-s3fs or /etc/passwd-s3fs is correct.