The Community Forums


Amazon AWS S3 IAM Policy

Discussion in 'Data Protection' started by Authoritarian, Dec 21, 2014.

  1. Authoritarian

    Authoritarian Registered

    I'm trying to set up cPanel backup to authenticate as an AWS IAM user (as opposed to using the root keys).

    Here's the policy I'm trying to use for the cpanelwebserverbackup bucket:

    Code:
    {
    	"Version": "2008-10-17",
    	"Id": "cPanelPolicy",
    	"Statement": [
    		{
    			"Sid": "cPanelPolicy",
    			"Effect": "Allow",
    			"Principal": {
    				"AWS": "arn:aws:iam::############:user/cpanel"
    			},
    			"Action": "s3:*",
    			"Resource": "arn:aws:s3:::cpanelwebserverbackup"
    		}
    	]
    }
    
    But I have not been able to get this working. The above results in:
    Code:
    Error: Validation for transport “Amazon S3” failed: Could not upload test file: AccessDenied: Access Denied
    Now if I instead try to attach a policy to the IAM user such as below, I get the same result.

    Code:
    {
      "Statement": [
        {
          "Sid": "cPanelBackup",
          "Action": "s3:*",
          "Effect": "Allow",
          "Resource": "arn:aws:s3:::cpanelwebserverbackup"
        }
      ]
    }
    Anyone here willing to share a configuration where they've rigged up the backup storage on S3 with an IAM user?
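
Added example, not part of the original post and not cPanel or AWS code: both policies above name only the bucket ARN as `Resource`, which covers bucket-level actions, while object-level actions such as `s3:PutObject` are evaluated against `arn:aws:s3:::bucket/key`. The Python sketch below models that matching in simplified form; the `SCOPED` policy, its action list and the test object key are assumptions.

```python
import re

BUCKET_ARN = "arn:aws:s3:::cpanelwebserverbackup"  # bucket from the post

# Identity policy as posted: Resource names the bucket only.
POSTED = {"Statement": [
    {"Sid": "cPanelBackup", "Action": "s3:*", "Effect": "Allow",
     "Resource": BUCKET_ARN},
]}

# Assumed correction (action list is illustrative, not a cPanel requirement):
# bucket ARN for bucket-level calls, bucket/* for object-level calls.
SCOPED = {"Statement": [
    {"Effect": "Allow", "Action": ["s3:ListBucket", "s3:GetBucketLocation"],
     "Resource": BUCKET_ARN},
    {"Effect": "Allow",
     "Action": ["s3:PutObject", "s3:GetObject", "s3:DeleteObject"],
     "Resource": BUCKET_ARN + "/*"},
]}

def _glob(pattern, value, flags=0):
    # IAM wildcards: '*' matches any run of characters, '?' exactly one.
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, value, flags | re.DOTALL) is not None

def _as_list(value):
    return value if isinstance(value, list) else [value]

def is_allowed(policy, action, resource):
    """Simplified model: an explicit Deny wins, else any matching Allow grants.
    Conditions, principals, NotAction/NotResource and SCPs are not modelled."""
    allowed = False
    for st in policy["Statement"]:
        act = any(_glob(a, action, re.IGNORECASE) for a in _as_list(st["Action"]))
        res = any(_glob(r, resource) for r in _as_list(st["Resource"]))
        if act and res:
            if st["Effect"] == "Deny":
                return False
            allowed = True
    return allowed

def report(policy):
    # Constructed requests: a bucket listing and an upload of a test object.
    requests = {
        "list_bucket": ("s3:ListBucket", BUCKET_ARN),
        "upload_object": ("s3:PutObject", BUCKET_ARN + "/validation-test-file"),
    }
    return {name: is_allowed(policy, a, r) for name, (a, r) in requests.items()}

if __name__ == "__main__":
    print("posted:", report(POSTED))
    print("scoped:", report(SCOPED))
```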
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello :)

    I reviewed ticket number 5861193 that you opened with us. You may want to check with Amazon's support to see if there are any configuration changes you can make from their side to allow the authentication to succeed.

    Thank you.
     
  3. Glexia

    Glexia Member

    I am having the exact same issue. They say it's a cPanel problem. Did you ever get a solution?
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello :)

    Could you provide more information about the response you received from Amazon?

    Thank you.
     
  5. Glexia

    Glexia Member

    Hi,

    They had me independently test the API using the same credentials used in cPanel and I was able to deploy files. They told me that since I am able to deploy files using my own API into the S3 then all permissions are correct and it has to be an issue on the cPanel software side.

    To clarify -- I created a simple test application and used the same credentials and settings used in cPanel to save a file into S3. The file was successfully saved.

    Regards,

    Michael
     
  6. Glexia

    Glexia Member

    Additionally, the cPanel/WHM server does indeed *successfully* log into S3 (per logs on Amazon), but then gives the error "Error: Validation for transport “Amazon S3” failed: Could not upload test file: AccessDenied: Access Denied"
     
  7. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Feel free to open your own support ticket for this issue using the link in my signature. Ensure you include the response you received from Amazon's support, and post the ticket number here.

    Thank you.
     