• Resolved webaware

    (@webaware)


    G’day BackWPup,

    If the subject line sounds vaguely familiar, it’s because this bug is a retread of one from July 2019.

    It was once possible to create a backup job for an S3 bucket without having the s3:ListAllMyBuckets privilege. When an API key had no such privilege, the drop-down list of buckets was replaced by a text field. Now, an API error is displayed when the policy doesn’t have that privilege.

    This is a security problem and must not be required for a secure backup. The API key for one website should not be able to list the S3 buckets of other websites in the same AWS account. Can we please have the previous functionality back? It was one of the features that first drew me to this plugin.

    cheers,
    Ross

Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Support BWU Support

    (@saranshwpm)

    Hi @webaware,

    Thank you for reaching out.

    Our developers confirmed that no recent changes in the plugin could have caused this issue. During job execution, we only check if the bucket exists.

    Can you tell us which version of the plugin is working as expected for you? Also, do you see any error message on your end while performing this job?

    Looking forward to your reply.

    Best Regards,

    Thread Starter webaware

    (@webaware)

    G’day BWU,

    Today I tried every version going back to v3.6.9 (which I know worked, see my old report) but none of them work now. Could it be a change in the error message returned from S3? i.e. could you still have code in place to deal with this, but it isn’t being called because the S3 error message/code has changed?

    I’m pretty sure it all worked back in July, possibly even late August, when I set up new sites. That means it would have been working in v4.1.3 or v4.1.4 quite likely. Just no longer.

    Incidentally, this is only an issue when creating backup jobs and entering (selecting) the bucket. Once that’s been done, s3:ListAllMyBuckets isn’t required and the jobs run successfully without it.

    cheers,
    Ross

    Plugin Support BWU Support

    (@saranshwpm)

    Hello,

    It could be that an update on the AWS side may have changed how things work now. You may try creating a new API and see how it goes.

    If this does not help, you can contact us from here: https://backwpup.com/contact/ with more details.

    Best Regards,

    Thread Starter webaware

    (@webaware)

    This happens with both old and new API keys. I’ve seen this across different websites now. Something has changed, for sure. I don’t really have more details to provide than those above.

    cheers,
    Ross

    Plugin Support BWU Support

    (@saranshwpm)

    Hello,

    Our developers have confirmed that no update has been made around this in the plugin; otherwise the issue would not have replicated on the old version. It seems something has changed on the AWS side, causing this.

    In any case, you can send us the full situation over the support channel to get this further investigated.

    Best Regards,

    Also confirming this is a problem.

    The change seems to be around the initial entry to the job screen and the way Bucket Selection is being validated. For example, if I now edit a job that has been running fine for ages it will now give this error next to Bucket selection:
    User: arn:aws:iam::xxxxxxxxxx:user/the-bucket-name is not authorized to perform: s3:ListAllMyBuckets because no identity-based policy allows the s3:ListAllMyBuckets action

    On edit it used to just display the bucket name if it had already been set. Now it appears to be trying to get the list of all buckets first to check if the bucket name is still valid. And if it can’t get the list then it no longer displays the bucket name field and displays this error instead – even though the bucket name is valid. Previously the plugin would give a less ‘critical error’ that bucket names could not be accessed BUT would still allow you to manually enter the bucket name (so this can’t just be an AWS change?)

    Note: the existing backup job will also continue to work just fine IF you don’t save that job. If you change anything else, not only does it happily save (with no visible bucket selected!) but the save wipes out the previously set valid bucket name so backups then fail..!

    So ideally a return to the previous behaviour of allowing you to manually enter the bucket name where a list of all buckets is not permitted would be best. Or if that doesn’t work with the way validation is being done now, maybe add a tickbox to allow this check to be overridden and the bucket name be typed in?
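
As an added example (not part of the thread and not BackWPup's code), this Python check inspects an IAM policy document for the two things the posts above are concerned with: whether any Allow statement grants s3:ListAllMyBuckets, and whether any resource reaches beyond the site's own bucket. The bucket name, the sample policies and the object-level actions in them are constructed assumptions; Deny statements and Condition blocks are not evaluated.

```python
from fnmatch import fnmatchcase

LIST_ALL = "s3:ListAllMyBuckets"  # the account-wide action named in the thread

def _listify(value):
    """IAM accepts a single string/object wherever a list is valid."""
    if value is None:
        return []
    return list(value) if isinstance(value, (list, tuple)) else [value]

def _matches(patterns, action):
    """Action names are case-insensitive and may contain * and ? wildcards."""
    return any(fnmatchcase(action.lower(), p.lower()) for p in _listify(patterns))

def statements_granting(policy, action=LIST_ALL):
    """Indexes of Allow statements whose Action/NotAction cover `action`."""
    hits = []
    for i, stmt in enumerate(_listify(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:  # Allow + NotAction grants everything not listed
            granted = not _matches(stmt["NotAction"], action)
        else:
            granted = _matches(stmt.get("Action"), action)
        if granted:
            hits.append(i)
    return hits

def resources_outside(policy, bucket):
    """Allow-statement resources that are not the bucket or keys inside it."""
    arn = f"arn:aws:s3:::{bucket}"
    out = set()
    for stmt in _listify(policy.get("Statement")):
        if stmt.get("Effect") == "Allow":
            out.update(r for r in _listify(stmt.get("Resource"))
                       if r != arn and not r.startswith(arn + "/"))
    return sorted(out)

# Constructed sample policies. The action set in SCOPED is an assumption about
# what a per-site backup key needs, not the plugin's documented requirement.
SCOPED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:ListBucket", "s3:GetBucketLocation"],
     "Resource": "arn:aws:s3:::example-site-backups"},
    {"Effect": "Allow",
     "Action": ["s3:PutObject", "s3:GetObject", "s3:DeleteObject"],
     "Resource": "arn:aws:s3:::example-site-backups/*"}]}
BROAD = {"Version": "2012-10-17", "Statement": {
    "Effect": "Allow", "Action": "s3:List*", "Resource": "*"}}

if __name__ == "__main__":
    for name, pol in (("SCOPED", SCOPED), ("BROAD", BROAD)):
        print(name, statements_granting(pol), resources_outside(pol, "example-site-backups"))
```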
