S3 Upload Problem

Hi guys.

I’m generating a CSV file and sending it to S3.
Due to compliancy my credentials only allow me to PUT an object and this can be done successfully using the aws-cli in the command line. My credentials doesnt allow me to GET object or bucket.

After spending some hours due to 403 error in this node I came to the source code and realized that in this line a GET in the bucket (or object) is done to retrieve the region. (n8n/packages/nodes-base/nodes/S3/S3.node.ts at master · n8n-io/n8n · GitHub)

Note that the region is informed in the node configuration - and doing it like it is being done brings me some points:

  1. cant the region inputed in the node configuration be used here?
  2. in order to PUT an object I need extra permissions that in some cases (like mine) isn’t possible due to compliance reasons to have;

Any thoughts about this?

UPDATE 1:

  • I had to add the permission “s3:GetBucketLocation” to the credentials in order to use the node. I believe this permission should not be required if the location used was from the node configuration.
1 Like

Hey @reichert,

That is an interesting problem, I am not sure why we make that call as it just seems to get the bucket location which looks to be the same as the region.

I am not sure if you can have an S3 account in one region and buckets in another region, As a temporary solution using the get bucket location permission should work and should hold up for most compliance frameworks.

How do you have n8n installed / running? If you are running from source in theory changing it to use the credential option to test would be fairly quick.

I think that this should be an option on the S3 action to either use credentials region, action-specified region, or maybe look it up. I’m using Cloudflare R2, and the region lookup causes permissions errors when I don’t have bucket-admin permissions enabled on the credentials.