Amazon S3 Repository rule error - Could not connect to repository
I've been trying to setup an Amazon S3 repository and keep getting an error.
The S3 bucket policy is set to public, to allow all operations for testing. (s3_bucket_policy.txt)
The S3 bucket can be accessed just fine with other tools, such as Postman, using the same Access key ID.
When I try to create a Repository rule in Pega, I get a "Could not connect to repository" error on the rule form and it does not get saved. (repository_rule.jpg)
When I trace the save operation, I can see that Data-Repository.Validate fails. (tracer.jpg, tracer_error.jpg)
I've set all relevant loggers to ALL, and all I can see in logs (pega_log.txt), the most specific error message is:
com.amazonaws.services.s3.model.AmazonS3Exception: Forbidden (Service: Amazon S3; Status Code: 403; Error Code: 403 Forbidden; Request ID: BC558F5C236907DB)
I have tried it on 8.2.1 version, and also on a Pega Clould instance, and I get the same error.
(See the attached files for more details.)
Does anybody have an idea what could be wrong with my configuration?
Thanks in advance,
Peter
Pegasystems Inc.
US
This looks like a S3 bucket permission issue. Suggest you confirm that using aws command line (outside Pega) first if not already, e.g., https://aws.amazon.com/premiumsupport/knowledge-center/s3-troubleshoot-403/
Knowledge Expert
HU
Thanks for the suggestion.
I've did these tests before and just to make sure, I did them again. IDs match, owner seems to be correct, objects can be listed, credentials also checked, bucket policy too.
I have no idea what else can be wrong.
Pegasystems Inc.
US
Noticed that your rootpath is empty, can you try "/" to see if the behavior changes?
CYBG
GB
We're facing the same issue as PeterB46... We've exhausted all possible solutions that we could think of from a Pega, AWS perspective and furthermore from a firewall and application server perspective. There's not enough documentation on this and the information on Pega Community is a bit lacking. We've even added a KMS Key and we're still not able to connect the repository and create the rule.
Has any one else had any luck with this?
Centene Corporation
US
Just include the bucket name (without region - just the <Bucket Name>). Remove the rest of the url. See if KMS id needs to be given as input
Knowledge Expert
HU
I'm afraid we need the region, as we have our bucket in a specific region.
Regardless we've tried all formats they mention here https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingBucket.html#access-bucket-intro before I've created this post. :)
Appriss
US
This also happened to me as well, and I actually opened a ticket with support for it to no avail. I also verified that the bucket is available through other tools and from the command line of the server where our Pega application lives.
I would be very interested to hear if you obtain a solution for this issue.
Regards.
Brian
Centene Corporation
US
I got the error when I included region and all from the link above. However, when I just mentioned the bucket name it worked for us. Attached the screenshot
Centene Corporation
US
Just include the bucket name (without region - just the <Bucket Name>). Remove the rest of the url. See if KMS id needs to be given as input. I had given region and all initially when I received the error. The I just included bucket name and worked fine. Attached screenshot