S3 Upload Problem

reichert · April 13, 2022, 1:40pm

Hi guys.

I’m generating a CSV file and sending it to S3.
Due to compliancy my credentials only allow me to PUT an object and this can be done successfully using the aws-cli in the command line. My credentials doesnt allow me to GET object or bucket.

After spending some hours due to 403 error in this node I came to the source code and realized that in this line a GET in the bucket (or object) is done to retrieve the region. (n8n/S3.node.ts at master · n8n-io/n8n · GitHub)

Note that the region is informed in the node configuration - and doing it like it is being done brings me some points:

cant the region inputed in the node configuration be used here?
in order to PUT an object I need extra permissions that in some cases (like mine) isn’t possible due to compliance reasons to have;

Any thoughts about this?

UPDATE 1:

I had to add the permission “s3:GetBucketLocation” to the credentials in order to use the node. I believe this permission should not be required if the location used was from the node configuration.

Jon · April 13, 2022, 2:37pm

Hey @reichert,

That is an interesting problem, I am not sure why we make that call as it just seems to get the bucket location which looks to be the same as the region.

I am not sure if you can have an S3 account in one region and buckets in another region, As a temporary solution using the get bucket location permission should work and should hold up for most compliance frameworks.

How do you have n8n installed / running? If you are running from source in theory changing it to use the credential option to test would be fairly quick.