dannycjones commented on a change in pull request #3962:
URL: https://github.com/apache/hadoop/pull/3962#discussion_r815946868
##########
File path:
hadoop-tools/hadoop-aws/src/site/markdown/tools/hadoop-aws/troubleshooting_s3a.md
##########
@@ -547,6 +547,20 @@ When trying to write or read SEE-KMS-encrypted data, the
client gets a
The caller does not have the permissions to access
the key with which the data was encrypted.
+### <a name="access_denied_requester_pays"></a>`AccessDeniedException` when
using a "Requester Pays" enabled bucket
+
+When making cross-account requests to a requester pays enabled bucket, all
calls must acknowledge via a header that the requester will be billed.
+
+If you don't enable this acknowledgement within S3A, then you will see a
message similar to this:
+
+```
+java.nio.file.AccessDeniedException: s3a://my-bucket/my-object: getFileStatus
on s3a://my-bucket/my-object:
Review comment:
Unfortunately, "403 Forbidden" is the only information given.
This will only appear if the header is not provided and the call is made by
a principal who is not the bucket owner. The bucket owner does not have to
provide the header.
Below is HTTP output from the AWS CLI when making a failed GetObject.
```
2022-02-28 14:35:11,318 - MainThread - urllib3.connectionpool - DEBUG -
https://<MY-BUCKET>.s3.eu-west-1.amazonaws.com:443 "GET /file.txt HTTP/1.1" 403
None
2022-02-28 14:35:11,319 - MainThread - botocore.parsers - DEBUG - Response
headers: {'x-amz-request-id': 'NC3P56B2VZ87PMKF', 'x-amz-id-2': '<TRUNCATED>',
'Content-Type': 'application/xml', 'Transfer-Encoding': 'chunked', 'Date':
'Mon, 28 Feb 2022 14:35:11 GMT', 'Server': 'AmazonS3'}
2022-02-28 14:35:11,320 - MainThread - botocore.parsers - DEBUG - Response
body:
b'<?xml version="1.0"
encoding="UTF-8"?>\n<Error><Code>AccessDenied</Code><Message>Access
Denied</Message><RequestId>NC3P56B2VZ87PMKF</RequestId></Error>'
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
