S3 Permissions Issue: works in Make, not in N8N

Describe the problem/error/question

I am using the AWS S3 module, resource=File, Operation=Get Many.

What is the error message (if any)?

When I use a bucket that I own, the request works fine. But when I use another bucket that is accessible to any authenticated AWS user, I get:

ERROR: Forbidden - perhaps check your credentials?

403 - "\n`AccessDenied`Access Denied471K15WEKE39JKEYD8ntc/L5YPOBocdRYVNvKx3ne7lGbkdCdSEzwvVQtWbNlA7Bx5cil9tFDzd63bZjiAQTI+fqZSg=" - `AccessDenied`Access Denied471K15WEKE39JKEYD8ntc/L5YPOBocdRYVNvKx3ne7lGbkdCdSEzwvVQtWbNlA7Bx5cil9tFDzd63bZjiAQTI+fqZSg=

I’m not sure what that character string is. It looks like credentials: xxxxKEYyyyy. But they’re not my credentials. Admins, if you figure out that these are someone else’s credentials, please edit my post to delete them.

Unfortunately I can’t post the name of the bucket - the bucket has client’s private info exposed to the public (well, to anyone with an AWS account). My job is to copy all of that out to a private repository so the bucket owner can delete it. If anyone from N8N support wants to take a closer look, please message me for the bucket info.

Very annoyingly, this works just fine in Make. However this job would cost me hundreds of thousands of operations so I’d really prefer to run it in N8N. And it works in a python script running the boto3 library to access S3. Just not in N8N.

Information on your n8n setup

  • n8n version: 1.18.2
  • Database (default: SQLite): Postgres
  • n8n EXECUTIONS_PROCESS setting (default: own, main): queue
  • Running n8n via (Docker, npm, n8n cloud, desktop app): Docker
  • Operating system: Alpine Linux / Docker

Hey @Lee_S,

That looks like AWS / S3 is returning an authentication / permission issue for the accoutn you are using, I am not sure why the same credentials would work in Make though as I would expect it to fail everywhere.

Could it be that the region is not correct?

This is definitely a permission issue with this bucket (which doesn’t belong to me). n8n’s S3 module is making a some API call before it tries to get the objects. I don’t think it’s a list objects call, because I think I have permission for that. Maybe some other call. For whatever reason, Make isn’t performing that call, so this works in Make. And when I run this in python I’m also not making whatever call n8n is making.

If you want to try to look into it further please message and I’ll send you the bucket info.

Hey @Lee_S,

We do make an extra call before the list which just looks to be an empty Get request on the bucket path to check the region I wonder if this is causing the issue.

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.