Hello,
Working with S3 Exports. I have verified they are working using multiple user key/secret pairs. However, the export does not work with a Terraform created user.
My question: I would like to know what Dgraph uses to connect to S3 to perform the write to S3 (SDK or otherwise), and what specific permissions/policies a user needs to be able to export successfully.
What I want to do
Use a Terraform-managed user key/secret pair to perform a Dgraph Export to S3.
What I did
The user receiving an Access Denied error has the following actions permitted to the target S3 bucket (and only the target S3 bucket):
“s3:PutObject*”,
“s3:PutBucket*”,
:s3:List*",
“s3:Get*”,
“s3:DeleteObject*”,
“s3:DeleteBucket”,
“s3:CreateBucket”
Export works using an S3 user role with Admin access, as well as a user with a Full S3 policy attached.
Dgraph metadata
21.03
Dgraph version : v21.03.1
Dgraph codename : rocket-1
Dgraph SHA-256 : a00b73d583a720aa787171e43b4cb4dbbf75b38e522f66c9943ab2f0263007fe
Commit SHA-1 : ea1cb5f35
Commit timestamp : 2021-06-17 20:38:11 +0530
Branch : HEAD
Go version : go1.16.2
jemalloc enabled : true