S3ServiceException errors - Amazon Redshift

S3ServiceException errors

The most common s3ServiceException errors are caused by an improperly formatted or incorrect credentials string, having your cluster and your bucket in different AWS Regions, and insufficient Amazon S3 permissions.

The section provides troubleshooting information for each type of error.

Invalid credentials string

If your credentials string was improperly formatted, you will receive the following error message:

ERROR: Invalid credentials. Must be of the format: credentials 'aws_access_key_id=<access-key-id>;aws_secret_access_key=<secret-access-key> [;token=<temporary-session-token>]'

Verify that the credentials string does not contain any spaces or line breaks, and is enclosed in single quotation marks.

Invalid access key ID

If your access key ID does not exist, you will receive the following error message:

[Amazon](500310) Invalid operation: S3ServiceException:The AWS Access Key Id you provided does not exist in our records.

This is often a copy and paste error. Verify that the access key ID was entered correctly. Also, if you are using temporary session keys, check that the value for token is set.

Invalid secret access key

If your secret access key is incorrect, you will receive the following error message:

[Amazon](500310) Invalid operation: S3ServiceException:The request signature we calculated does not match the signature you provided. Check your key and signing method.,Status 403,Error SignatureDoesNotMatch

This is often a copy and paste error. Verify that the secret access key was entered correctly and that it is the correct key for the access key ID.

Bucket is in a different Region

The Amazon S3 bucket specified in the COPY command must be in the same AWS Region as the cluster. If your Amazon S3 bucket and your cluster are in different Regions, you will receive an error similar to the following:

ERROR: S3ServiceException:The bucket you are attempting to access must be addressed using the specified endpoint.

You can create an Amazon S3 bucket in a specific Region either by selecting the Region when you create the bucket by using the Amazon S3 Management Console, or by specifying an endpoint when you create the bucket using the Amazon S3 API or CLI. For more information, see Uploading files to Amazon S3.

For more information about Amazon S3 regions, see Accessing a Bucket in the Amazon Simple Storage Service User Guide.

Alternatively, you can specify the Region using the REGION option with the COPY command.

Access denied

If the user does not have sufficient permissions, you will receive the following error message:

ERROR: S3ServiceException:Access Denied,Status 403,Error AccessDenied

One possible cause is the user identified by the credentials does not have LIST and GET access to the Amazon S3 bucket. For other causes, see Troubleshoot Access Denied (403 Forbidden) errors in Amazon S3 in the Amazon Simple Storage Service User Guide.

For information about managing user access to buckets, see Identity and access management in Amazon S3 in the Amazon Simple Storage Service User Guide.