DGraph S3 Exports


Working with S3 Exports. I have verified they are working using multiple user key/secret pairs. However, the export does not work with a Terraform created user.

My question: I would like to know what Dgraph uses to connect to S3 to perform the write to S3 (SDK or otherwise), and what specific permissions/policies a user needs to be able to export successfully.

What I want to do

Use a Terraform-managed user key/secret pair to perform a Dgraph Export to S3.

What I did

The user receiving an Access Denied error has the following actions permitted to the target S3 bucket (and only the target S3 bucket):


Export works using an S3 user role with Admin access, as well as a user with a Full S3 policy attached.

Dgraph metadata


Dgraph version : v21.03.1
Dgraph codename : rocket-1
Dgraph SHA-256 : a00b73d583a720aa787171e43b4cb4dbbf75b38e522f66c9943ab2f0263007fe
Commit SHA-1 : ea1cb5f35
Commit timestamp : 2021-06-17 20:38:11 +0530
Branch : HEAD
Go version : go1.16.2
jemalloc enabled : true