https://lakefs.io/ logo
Join Slack
Powered by
Hi, I am trying to access the underlying s3 stora...
# help
c
Hi, I am trying to access the underlying s3 storage of a repository using 
aws --profile lakefs s3 ls s3://<bucket>/<repo> --recursive
. I have configured the 
lakefs
profile with credentials from LakeFS, and the corresponding endpoint url. I also have 
AuthFullAccess
, 
FSFullAccess
and 
RepoManagementFullAccess
permissions. However, I still get the following error 
An error occurred (AccessDenied) when calling the ListObjectsV2 operation: Forbidden
Do you have an idea what I am missing?
i
Hi @Cristian Caloian, Two questions- 1. What do you mean when you say I have configured the 
lakefs
profile with credentials from LakeFS? do you mean you use access key and secret from lakeFS or do you mean you use the same AWS credentials your lakeFS instance use? 2. About your command- 
aws --profile lakefs s3 ls s3://<bucket>/<repo> --recursive
why do you use s3://<bucket>/<repo>? you should use the storage namespace you configured for your repo, e.g.- 
s3://<bucket>/<prefix>
h
isn't it supposed to be `s3://<repo>/<branch>/<somePath>`` ?
Oh nevermind, by 
underlying s3 storage
you mean the back end S3 bucket that LakeFS is using ... in which case you need the credential for that S3 bucket (nothing to do with Lakefs credential)
c
Thank you @Idan Novogroder and @HT for your replies. I guess I am mixing things up and I would appreciate your guidance. @Idan Novogroder for (1) I configured an aws profile named 
lakefs
(in 
~/.aws/credentials
) with the access key and secret from LakeFS. Regarding (2) I am trying to follow this migration guide, so it might be that I understood wrong what 
<s3://sourceBucket>
in Step 3 means. In my case, if I have a LakeFS repository called 
foo
with the storage namespace configured as 
s3://<some-bucket>/foo
. So I thought I needed to access 
s3://<some-bucket>/foo
. But I guess I should do 
<s3://foo/main/>
as @HT suggested, which works with the current configuration. So, if 
<s3://sourceBucket>
in the migration guide refers to the actual underlying S3 bucket, then I need the AWS credentials for the AWS instance?
i
If you're asking if you should use AWS credentials in your 
~/.aws/credentials
file, the answer is yes. Please let me know if it worked for you 🙏🏽
c
I guess my first question is whether, in the context of migrating a repository from one LakeFS installation to a completely different LakeFS installation, I need to copy the underlying S3 storage. If the answer is yes then I think now I understand that it needs the AWS credentials.
I think I figured out… from the linked notebook in the guide, I think it is the underlying storage namespace
Copy code
source_storage_namespace = '<s3://mySourceBucket>'
target_storage_namespace = '<s3://myTargetBucket>'

aws_region = '<AWS region name>' # e.g. us-east-1
aws_access_key_id = 'aaaaaaaaaaaaa'
aws_secret_access_key = 'bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb'
Thanks again for making me realize the distinction between the two 🙏
mario luigi dance 1
3 Views
Open in Slack
PreviousNext
Powered by