08-10-2020 10:32 AM
My company uses sub accounts under a master account to control access and track resources in AWS Gov Cloud. I am trying to get an account configured for the S3 File Reader that works in this configuration. It seems simple enough: I specify my access key and secret key and set the Cross Account IAM Role’s Role ARN field, but the validation is failing:
Failed to validate account: The security token included in the request is invalid. (Service: AWSSecurityTokenService; Status Code: 403; Error Code: InvalidClientTokenId; Request ID: 4961a29f-a875-4c69-9665-e640610bc840) (Reason: No reason provided by the snap; Resolution: No resolution provided by the snap)
On my local machine, my ~/.aws/config file looks something like this:
[default]
region = us-gov-west-1
[profile engineer]
role_arn = arn:aws-us-gov:iam::############:role/Sandbox_Administrator
source_profile = default
region = us-gov-west-1
and my ~/.aws/credentials file looks something like this:
[default]
aws_access_key_id = <redacted>
aws_secret_access_key = <redacted>
When I run AWS CLI commands, I have to add “--profile engineer” to the command line, but everything works properly.
Any clues as to what I need to do to make this work with the S3 File Reader?
08-10-2020 11:02 AM
It seems that SnapLogic is unable to work with Gov Cloud accounts. I removed the Cross Account IAM Role settings and tried to validate my Account:
Failed to validate account: Failed to validate account, Cause: The AWS Access Key Id you provided does not exist in our records. (Service: Amazon S3; Status Code: 403; Error Code: InvalidAccessKeyId; Request ID: F644A531D77D5358; S3 Extended Request ID: 75BtWBVlije/1C3q6xtiIvNJxviuNRdkcibpEPFq9Iot5RAbfDwUFh7RfKuVnlPGwF/Zsf07es4=) (Reason: The AWS Access Key Id you provided does not exist in our records. (Service: Amazon S3; Status Code: 403; Error Code: InvalidAccessKeyId; Request ID: F644A531D77D5358; S3 Extended Request ID: 75BtWBVlije/1C3q6xtiIvNJxviuNRdkcibpEPFq9Iot5RAbfDwUFh7RfKuVnlPGwF/Zsf07es4=); Resolution: Please verify if the provided credentials are correct)
If I replace my AWS gov cloud Access Key ID and Secret Key with my AWS commercial account credentials, it all works fine. Sigh…
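As an added example (not part of the original posts, and not SnapLogic code): AWS access keys and role ARNs are scoped to a single partition, so an AssumeRole call for an `arn:aws-us-gov` role has to be sent to a GovCloud STS endpoint. The sketch below checks a CLI-style profile for that; the function names and the sample account ID are assumptions made for illustration.

```python
import configparser

# Constructed sample mirroring the ~/.aws/config in the post; the account ID is a placeholder.
SAMPLE_CONFIG = """
[default]
region = us-gov-west-1

[profile engineer]
role_arn = arn:aws-us-gov:iam::000000000000:role/Sandbox_Administrator
source_profile = default
region = us-gov-west-1
"""

def partition_of_region(region):
    # Covers the three public partitions only (aws, aws-us-gov, aws-cn).
    if region.startswith("us-gov-"):
        return "aws-us-gov"
    if region.startswith("cn-"):
        return "aws-cn"
    return "aws"

def partition_of_arn(arn):
    # ARN layout: arn:partition:service:region:account-id:resource
    parts = arn.split(":")
    if len(parts) < 6 or parts[0] != "arn":
        raise ValueError(f"not an ARN: {arn!r}")
    return parts[1]

def sts_endpoint(region):
    suffix = "amazonaws.com.cn" if partition_of_region(region) == "aws-cn" else "amazonaws.com"
    return f"https://sts.{region}.{suffix}"

def check_profile(config_text, profile):
    """Return the regional STS endpoint for a profile and any partition mismatch."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(config_text)
    sec = cp["default" if profile == "default" else f"profile {profile}"]
    region, role_arn = sec.get("region"), sec.get("role_arn")
    if not region:
        raise ValueError(f"profile {profile!r} has no region")
    problems = []
    if role_arn and partition_of_arn(role_arn) != partition_of_region(region):
        problems.append(f"role is in partition {partition_of_arn(role_arn)} but region "
                        f"{region} is in {partition_of_region(region)}")
    return {"sts_endpoint": sts_endpoint(region), "problems": problems}

if __name__ == "__main__":
    print(check_profile(SAMPLE_CONFIG, "engineer"))
```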