Question

Amazon S3 Repository rule error - Could not connect to repository

I've been trying to set up an Amazon S3 repository and keep getting an error.

The S3 bucket policy is set to public, to allow all operations for testing. (s3_bucket_policy.txt)
The S3 bucket can be accessed just fine with other tools, such as Postman, using the same Access key ID.

When I try to create a Repository rule in Pega, I get a "Could not connect to repository" error on the rule form and it does not get saved. (repository_rule.jpg)
When I trace the save operation, I can see that Data-Repository.Validate fails. (tracer.jpg, tracer_error.jpg)

I've set all relevant loggers to ALL, and the most specific error message I can see in the logs (pega_log.txt) is:

com.amazonaws.services.s3.model.AmazonS3Exception: Forbidden (Service: Amazon S3; Status Code: 403; Error Code: 403 Forbidden; Request ID: BC558F5C236907DB)

I have tried it on version 8.2.1, and also on a Pega Cloud instance, and I get the same error.

(See the attached files for more details.)

Does anybody have an idea what could be wrong with my configuration?

Thanks in advance,
Peter

Comments


June 4, 2019 - 7:35am

This looks like an S3 bucket permission issue. Suggest you confirm that using the AWS command line (outside Pega) first if not already, e.g., https://aws.amazon.com/premiumsupport/knowledge-center/s3-troubleshoot-403/

June 4, 2019 - 2:34pm

Thanks for the suggestion.

I did these tests before and, just to make sure, I did them again. IDs match, owner seems to be correct, objects can be listed, credentials also checked, bucket policy too.

I have no idea what else can be wrong.

September 5, 2019 - 9:27am
Response to PeterB46

Noticed that your rootpath is empty, can you try "/" to see if the behavior changes?

June 7, 2019 - 8:34am

We're facing the same issue as PeterB46... We've exhausted all possible solutions that we could think of from a Pega, AWS perspective and furthermore from a firewall and application server perspective. There's not enough documentation on this and the information on Pega Community is a bit lacking. We've even added a KMS Key and we're still not able to connect the repository and create the rule.

Has anyone else had any luck with this?

July 23, 2019 - 4:33pm

Just include the bucket name (without region - just the <Bucket Name>). Remove the rest of the url. See if KMS id needs to be given as input

July 24, 2019 - 3:57am
Response to AbhinayC

I'm afraid we need the region, as we have our bucket in a specific region.

Regardless, we tried all the formats they mention here https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingBucket.html#access-bucket-intro before I created this post. :)

August 4, 2019 - 2:10am
Response to PeterB46

This also happened to me as well, and I actually opened a ticket with support for it to no avail. I also verified that the bucket is available through other tools and from the command line of the server where our Pega application lives.

I would be very interested to hear if you obtain a solution for this issue.

Regards.

Brian

September 5, 2019 - 11:51am
Response to PeterB46

I got the error when I included region and all from the link above. However, when I just mentioned the bucket name it worked for us. Attached the screenshot.

September 5, 2019 - 5:10am

@PeterB56

Did you find a solution to this? If yes, please post the resolution.

September 5, 2019 - 11:52am
Response to Jang_RSR

Just include the bucket name (without region - just the <Bucket Name>). Remove the rest of the URL. See if KMS id needs to be given as input. I had given region and all initially when I received the error. Then I just included the bucket name and it worked fine. Attached screenshot.
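
The fix reported in the replies above (enter only the bucket name, not a URL with region) can be checked before the value goes into the rule form. This is an added example, not part of the original thread and not Pega code: a hypothetical helper `bare_bucket` that reduces the S3 URL styles from the AWS page linked above to the bare bucket name, using constructed bucket and region values.

```python
import re
from urllib.parse import urlparse

# S3 endpoint hosts: s3.amazonaws.com, s3.<region>.amazonaws.com and the older
# s3-<region>.amazonaws.com, optionally prefixed by "<bucket>." (virtual-hosted style).
_S3_HOST = re.compile(
    r"^(?:(?P<bucket>.+)\.)?s3(?:[.-](?P<region>[a-z0-9-]+))?\.amazonaws\.com$"
)
# Bucket naming rules: 3-63 chars; lowercase letters, digits, dots, hyphens;
# must start and end with a letter or digit.
_BUCKET = re.compile(r"^[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]$")


def bare_bucket(value):
    """Return (bucket, region) for a bucket name or S3 URL; region may be None."""
    value = value.strip()
    if "/" not in value and ".amazonaws.com" not in value:
        bucket, region = value, None          # already a bare bucket name
    else:
        parsed = urlparse(value if "://" in value else "https://" + value)
        if parsed.scheme == "s3":             # s3://bucket/key
            bucket, region = parsed.netloc, None
        else:
            m = _S3_HOST.match(parsed.netloc.lower())
            if not m:
                raise ValueError(f"not an S3 endpoint: {value!r}")
            region = m.group("region")
            # Virtual-hosted style carries the bucket in the host name;
            # path-style carries it as the first path segment.
            bucket = m.group("bucket") or parsed.path.lstrip("/").split("/", 1)[0]
    if not _BUCKET.match(bucket):
        raise ValueError(f"invalid bucket name: {bucket!r}")
    return bucket, region


if __name__ == "__main__":
    # Constructed sample values, not taken from the thread's attachments.
    for sample in (
        "example-bucket",
        "https://example-bucket.s3.eu-central-1.amazonaws.com/folder/file.txt",
        "https://s3.eu-central-1.amazonaws.com/example-bucket/folder",
        "s3://example-bucket/folder",
    ):
        print(sample, "->", bare_bucket(sample))
```
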