Cristian Caloian
09/12/2023, 9:30 AMaws --profile lakefs s3 ls s3://<bucket>/<repo> --recursive
. I have configured the lakefs
profile with credentials from LakeFS, and the corresponding endpoint url. I also have AuthFullAccess
, FSFullAccess
and RepoManagementFullAccess
permissions. However, I still get the following error
An error occurred (AccessDenied) when calling the ListObjectsV2 operation: Forbidden
Do you have an idea what I am missing?Idan Novogroder
09/12/2023, 10:07 AMlakefs
profile with credentials from LakeFS? do you mean you use access key and secret from lakeFS or do you mean you use the same AWS credentials your lakeFS instance use?
2. About your command- aws --profile lakefs s3 ls s3://<bucket>/<repo> --recursive
why do you use s3://<bucket>/<repo>? you should use the storage namespace you configured for your repo, e.g.- s3://<bucket>/<prefix>
HT
09/12/2023, 10:11 AMHT
09/12/2023, 10:13 AMunderlying s3 storage
you mean the back end S3 bucket that LakeFS is using ... in which case you need the credential for that S3 bucket (nothing to do with Lakefs credential)Cristian Caloian
09/12/2023, 11:11 AMlakefs
(in ~/.aws/credentials
) with the access key and secret from LakeFS. Regarding (2) I am trying to follow this migration guide, so it might be that I understood wrong what <s3://sourceBucket>
in Step 3 means.
In my case, if I have a LakeFS repository called foo
with the storage namespace configured as s3://<some-bucket>/foo
. So I thought I needed to access s3://<some-bucket>/foo
. But I guess I should do <s3://foo/main/>
as @HT suggested, which works with the current configuration.
So, if <s3://sourceBucket>
in the migration guide refers to the actual underlying S3 bucket, then I need the AWS credentials for the AWS instance?Idan Novogroder
09/12/2023, 11:22 AM~/.aws/credentials
file, the answer is yes.
Please let me know if it worked for you 🙏🏽Cristian Caloian
09/12/2023, 12:00 PMCristian Caloian
09/12/2023, 12:12 PMsource_storage_namespace = '<s3://mySourceBucket>'
target_storage_namespace = '<s3://myTargetBucket>'
aws_region = '<AWS region name>' # e.g. us-east-1
aws_access_key_id = 'aaaaaaaaaaaaa'
aws_secret_access_key = 'bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb'
Thanks again for making me realize the distinction between the two 🙏