S3 upload via companion, requirement for sts:GetFederationToken policy

Hello,
Using standalone Companion + uppy to upload directly to S3, and after solving many issues along the way, I hit this error:
companion: 2023-11-29T12:04:07.878Z [error] a6d79523-2a9b-4a86-ba7f-5129365330ae root.error AccessDenied: User: arn:aws:iam::123123123213:user/s3_uppy is not authorized to perform: sts:GetFederationToken on resource: arn:aws:sts::123123123213:federated-user/companion

As I understand, an IAM policy is required to permit Companion to get a token, but I don’t want to grant blanket permission. But when adding such a policy:

{
	"Version": "2012-10-17",
	"Statement": [
		{
			"Sid": "VisualEditor0",
			"Effect": "Allow",
			"Action": "sts:GetFederationToken",
			"Resource": "arn:aws:sts::123123123213:federated-user/companion*"
		}
	]
}

AWS returns an error: This policy does not grant any permissions. To grant access, policies must have an action that has an applicable resource or condition.

At this point I’m not sure where to go next. Uppy docs say nothing about such policy, yet it seems required to make S3 uploads work. Any idea how to proceed from here?

My next struggle is about accelerated uploads. In my .env I have defined:
COMPANION_AWS_USE_ACCELERATE_ENDPOINT="true"

and did not define COMPANION_AWS_ENDPOINT

Yet, Companion returns such an error:

A custom endpoint cannot be combined with S3 Accelerate

Actually, this error comes not from the Companion source code, but from the S3 API itself, so I will have a look later at whether it’s caused by conflicting endpoints sent along with a request, but if anyone has had success making accelerated uploads work with standalone Companion, I’d be grateful for your advice as well.

Thanks heaps in advance.

Answering my 1st question. Apparently when AWS says "This policy does not grant any permissions. To grant access, policies must have an action that has an applicable resource or condition." it is simply wrong, as the policy is CORRECT. To make sure, I named my user companion and attached the policy to it, and despite AWS’s warning, everything works as expected.

Now digging into the acceleration problem, it looks very much like my issue is similar to this: Does Companion standalone still support accelerated endpoints? · Issue #4135 · transloadit/uppy · GitHub

Apparently, there’re bugs related to accelerated endpoints, both in Companion and in @uppy-aws-s3-multipart. Please follow this issue for details: cannot engage S3 accelerated endpoints due to AWS SDK API changes? · Issue #4809 · transloadit/uppy · GitHub
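
The scoped policy from this thread, checked against the resource named in the AccessDenied message, as an added example that is not part of the original posts or of Companion's code. It is a simplified model of IAM's Action/Resource wildcard matching (Condition, NotAction and NotResource are not modeled), and all function names are hypothetical.

```javascript
// Added example: evaluates whether an identity policy allows an STS request.
// Simplified model: Allow/Deny statements with Action and Resource only; Condition,
// NotAction and NotResource are rejected rather than guessed at.

// Translate an IAM pattern ('*' = any run of characters, '?' = one character) to a RegExp.
function iamPatternToRegExp(pattern, caseInsensitive) {
  const escaped = pattern.replace(/[.+^${}()|[\]\\]/g, '\\$&');
  const body = escaped.replace(/\*/g, '.*').replace(/\?/g, '.');
  return new RegExp('^' + body + '$', caseInsensitive ? 'i' : '');
}

const asArray = (v) => (Array.isArray(v) ? v : [v]);

function statementMatches(stmt, action, resource) {
  for (const key of ['Condition', 'NotAction', 'NotResource']) {
    if (key in stmt) throw new Error('unsupported element in this sketch: ' + key);
  }
  // Action names are case-insensitive; resource ARNs are compared case-sensitively.
  const actionHit = asArray(stmt.Action).some((a) => iamPatternToRegExp(a, true).test(action));
  const resourceHit = asArray(stmt.Resource).some((r) => iamPatternToRegExp(r, false).test(resource));
  return actionHit && resourceHit;
}

// Returns 'Allow', 'ExplicitDeny' or 'ImplicitDeny' for one request.
function evaluate(policy, action, resource) {
  let allowed = false;
  for (const stmt of asArray(policy.Statement)) {
    if (!statementMatches(stmt, action, resource)) continue;
    if (stmt.Effect === 'Deny') return 'ExplicitDeny'; // explicit deny always wins
    if (stmt.Effect === 'Allow') allowed = true;
  }
  return allowed ? 'Allow' : 'ImplicitDeny';
}

// Flags Allow statements that grant sts:GetFederationToken on every resource.
function blanketGrants(policy) {
  return asArray(policy.Statement).filter((s) =>
    s.Effect === 'Allow' &&
    asArray(s.Action).some((a) => iamPatternToRegExp(a, true).test('sts:GetFederationToken')) &&
    asArray(s.Resource).includes('*'));
}

// Policy and resource ARN as posted in the thread (the account ID is the post's own value).
const scopedPolicy = { Version: '2012-10-17', Statement: [{ Sid: 'VisualEditor0', Effect: 'Allow',
  Action: 'sts:GetFederationToken',
  Resource: 'arn:aws:sts::123123123213:federated-user/companion*' }] };
const requested = 'arn:aws:sts::123123123213:federated-user/companion';
console.log(evaluate(scopedPolicy, 'sts:GetFederationToken', requested));
```

The trailing `*` in the posted resource also matches any federated user name that merely starts with `companion`; dropping it limits the grant to that exact name.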