Troubleshooting AWS-S3 Connectivity
Common Issues
The following are common issues encountered when connecting an AWS S3 bucket through a storage configuration.
Access Forbidden
Access forbidden: {message}
Usually caused by missing permissions. Fix: review the IAM policy, bucket policy, and ACLs for the required permissions.
Unsupported principal
Unsupported principal: The policy type ${policy_type} does not support the Principal element. Remove the Principal element.
This can indicate that the S3 bucket policy settings have been added to the IAM policy by mistake.
Conflict
System topic is not in a valid state
Conflict
Found conflicting storage container notifications with overlapping prefixes
Conflict
Found conflicting storage container notifications for {prefix}{eventTypeMsg}
Conflict
Found conflicting storage container notifications with overlapping prefixes{prefixMsg}{eventTypeMsg}
Customer Container Notification Exists
Volume Configuration cannot be provisioned: storage container is already set up for customer's own notification
Invalid Access Key ID
Failed to update bucket policy: The AWS Access Key Id you provided does not exist in our records.
Check the status of the AWS Access Key ID in the console. If not active, activate it. If missing, create it.
Invalid Parameter
Missing credentials for storage container
Check the storage credential. AccessKeyId and/or SecretAccessKey is not set.
Invalid Parameter
Missing bucket name for storage container
Bucket name has not been set for the storage configuration.
Invalid Parameter
The storage container name has invalid characters
Storage container name can only contain lowercase letters, numbers, hyphens, and periods.
Invalid Parameter
Storage Container '{storageContainer}' does not exist
Update the storage configuration container to a valid S3 bucket.
Invalid Parameter
Invalid parameters for volume configuration: {message}
Invalid Storage Container Location
Storage container must be located in the {region} region
Update storage configuration region to match storage container region.
Invalid Storage Container Location
Storage container must be located in one of the following regions: {regions}
Update storage configuration region to match storage container region.
Missing Configuration
Missing queue name for storage container notification
Missing Configuration
Missing system topic name for storage container notification
Missing Configuration
Missing lambda ARN for storage container notification
Missing Configuration
Missing subscription name for storage container notification
Missing Storage Account Settings
The storage account '{storageAccountName}' needs HNS (Hierarchical Namespace) enabled.
Missing Storage Container Settings
Missing settings for storage container
Specific Errors
Conflicting bucket notifications
This error occurs when an existing bucket notification's event information overlaps with the notifications ICA is trying to add. Amazon S3 event notifications allow overlapping event types only when their prefixes do not overlap. Depending on the conflict, the error is presented as one of the following:
Volume Configuration cannot be provisioned: storage container is already set up for customer's own notification.
Invalid parameters for volume configuration: found conflicting storage container notifications with overlapping prefixes.
Failed to update bucket policy: Configurations overlap. Configurations on the same bucket cannot share a common event type.
Solution:
In the Amazon S3 Console, review your current S3 bucket's notification configuration and look for prefixes that overlap with your Storage Configuration's key prefix.
Delete the existing notification that overlaps with your Storage Configuration's key prefix.
ICA will perform a series of steps in the background to re-verify the connection to your bucket.
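The review in the first step can be scripted. This is an added example, not ICA or AWS code: it reads a notification configuration in the shape returned by `aws s3api get-bucket-notification-configuration` and lists the entries that share an event type and an overlapping prefix with a storage configuration's key prefix. The event types assigned to ICA are an assumption, the sample data is constructed, and suffix filters are not compared.

```python
# Assumption: S3 event families behind the gds:* notifications named on this page.
ICA_EVENTS = ("s3:ObjectCreated:*", "s3:ObjectRemoved:*", "s3:ObjectRestore:*")
CONFIG_KEYS = ("TopicConfigurations", "QueueConfigurations",
               "LambdaFunctionConfigurations")

def prefix_of(cfg):
    """Return the prefix filter of one notification ('' means the whole bucket)."""
    rules = cfg.get("Filter", {}).get("Key", {}).get("FilterRules", [])
    for rule in rules:
        if rule.get("Name", "").lower() == "prefix":
            return rule.get("Value", "")
    return ""

def prefixes_overlap(a, b):
    """Two prefixes overlap when one is a leading part of the other."""
    return a.startswith(b) or b.startswith(a)

def events_overlap(a, b):
    """Compare two event types, treating a trailing '*' as a wildcard."""
    return a == b or any(p.endswith("*") and o.startswith(p[:-1])
                         for p, o in ((a, b), (b, a)))

def find_conflicts(notification_config, key_prefix, events=ICA_EVENTS):
    """List (id, prefix, shared events) for notifications that would conflict."""
    conflicts = []
    for key in CONFIG_KEYS:
        for cfg in notification_config.get(key, []):
            existing = prefix_of(cfg)
            shared = sorted(e for e in cfg.get("Events", [])
                            if any(events_overlap(e, mine) for mine in events))
            if shared and prefixes_overlap(existing, key_prefix):
                conflicts.append((cfg.get("Id", "<no id>"), existing, shared))
    return conflicts

def _prefix_filter(value):
    return {"Key": {"FilterRules": [{"Name": "Prefix", "Value": value}]}}

# Constructed sample (ARNs omitted); "runs/2024/" is a hypothetical key prefix.
SAMPLE = {
    "QueueConfigurations": [
        {"Id": "ingest-all", "Events": ["s3:ObjectCreated:Put"],
         "Filter": _prefix_filter("runs/")},
        {"Id": "logs-only", "Events": ["s3:ObjectCreated:*"],
         "Filter": _prefix_filter("logs/")},
    ],
    "LambdaFunctionConfigurations": [
        {"Id": "tagging", "Events": ["s3:ObjectTagging:*"]},  # no prefix filter
    ],
}

if __name__ == "__main__":
    for cid, prefix, shared in find_conflicts(SAMPLE, "runs/2024/"):
        print(f"conflict: {cid} prefix={prefix!r} events={shared}")
```

A notification without a prefix filter covers the whole bucket, so it is reported whenever it shares an event type, whatever the key prefix is.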
GetTemporaryUploadCredentialsAsync failure
This error can occur when recreating a recently deleted storage configuration. To fix the issue, you have to delete the bucket notifications:
In the Amazon S3 Console, select from the list the bucket whose notifications you need to delete.
Choose Properties.
Navigate to the Event Notifications section, select the check boxes for the event notifications named gds:objectcreated, gds:objectremoved and gds:objectrestore, and click Delete.
Revalidate the current storage configuration under System Settings > Storage > Manage > Validate for an immediate update.
If you do not want to revalidate, you can wait 15 minutes for the storage to become available in ICA.
