[solved] S3 "GET /?policy=" / REST.GET.BUCKETPOLICY - AWS logs with 404

While trying to debug "PutObjectPart has failed" (the S3 upload failure monster revival), I found that every couple of minutes, Pydio sends a request to the bucket at /?policy= which results in a 404.
This ends up creating a lot of log entries like this

e1bb965e7382d09f719xxx pydio [02/Jan/2023:13:50:20 +0000] 51.x.y.z arn:aws:iam::24067xxx:user/pydio 3RG4xxx REST.GET.BUCKETPOLICY - "GET /?policy= HTTP/1.1" 404 NoSuchBucketPolicy
301 - 17 - "-" "Minio (linux; amd64) minio-go/v6.0.11" - eioAfn8mLrSH2IP7ggSmpdexgAs1XYaxxx SigV4 ECDHE-RSA-AES128-GCM-SHA256 AuthHeader xxx.s3-eu-central-1.amazonaws.com TLSv1.2 - -

The permissions I granted to the S3 user are:

s3:DeleteObject
s3:DeleteObjectTagging
s3:DeleteObjectVersion
s3:GetAccessPoint
s3:GetBucketAcl
s3:GetBucketCORS
s3:GetBucketLocation
s3:GetBucketPolicy
s3:GetBucketVersioning
s3:GetObject
s3:GetObjectAcl
s3:GetObjectRetention
s3:GetObjectTagging
s3:GetObjectVersion
s3:GetObjectVersionAcl
s3:ListAllMyBuckets
s3:ListBucket
s3:ListBucketMultipartUploads
s3:ListBucketVersions
s3:ListMultipartUploadParts
s3:ListMultiRegionAccessPoints
s3:PutEncryptionConfiguration
s3:PutObject
s3:PutObjectAcl
s3:PutObjectRetention
s3:PutObjectTagging
s3:PutObjectVersionAcl
s3:ReplicateObject
s3:ReplicateTags
s3:RestoreObject
1 Like

interesting - this is done by the minio client. we’ll look into it

I stopped an older v3 instance of Pydio I maintained and the 404 stopped…
So it may not be related to the latest version (or it may have been related to a badly set S3 endpoint in my old instance)
But in any case, I can’t see the 404 flowing in anymore.

1 Like

This topic was automatically closed 11 days after the last reply. New replies are no longer allowed.