amazon-web-services amazon-s3 amazon-ec2 mount s3fs

Problems mounting a S3 bucket with s3fs

I am trying to mount a S3 bucket on an AWS EC2 instance following this instruction. I was able to install the dependencies via yum, followed by cloning the git repository, and then making and installing the s3fs tool.

Furthermore, I ensured my AWSACCESSKEYID and AWSSECRETACCESSKEY values were in several locations (because I could not get the tool to work and searching for an answer suggest placing the file in different locations).

~/.passwd-s3fs
/etc/.passwd-s3fs
~/.bash_profile

For the .passwd-s3fs I have set the permissions as follows.

chmod 600 ~/.passwd-s3fs
chmod 640 /etc/.passwd-s3fs

Additionally, the .passwd-s3fs files have the content as suggested in this format: AWSACCESSKEYID:AWSSECRETACCESSKEY.

I have also logged out and in just to make sure the changes take effect. When I execute this command /usr/bin/s3fs bucketname /mnt, I get the following response.

s3fs: MOUNTPOINT: /mnt permission denied.

When I run the same command with sudo, e.g. sudo /usr/bin/s3fs mybucket /mnt, I get the following message.

s3fs: could not determine how to establish security credentials.

I am using s3fs v1.84 on the following AMI ami-0ff8a91507f77f867 (Amazon Linux AMI 2018.03.0.20180811 x86_64 HVM GP2). From the AWS Console for S3, my bucket's name is NOT mybucket but something just as simple (I am wondering if there's anything special I have to do with naming).

Additionally, my AWS access and secret key pair is generated from the IAM web interface and placed into the admin group (having AdministratorAccess policy) defined below.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "*",
      "Resource": "*"
    }
  ]
}

Any ideas on what's going on? Did I miss a step?

Solution

After tinkering a bit, I found the following helps.

/usr/bin/s3fs mybucket /mnt -o passwd_file=.passwd-s3fs -o allow_other

Note that I specify the .passwd-s3fs file's location. And also note that I allow others to view the mount. Additionally, I had to modify /etc/fuse.conf to enable user_allow_other.

# mount_max = 1000
user_allow_other

To test, I typed in touch /mnt/README.md and then observed the file in my S3 bucket (web UI).

I am a little disappointed that this problem is not better documented. I would have expected the default home location or /etc to be where the .passwd-s3fs file would be looked by the tool, but that's not the case. Additionally, sudo (as suggested by a link I did not bookmark) forces the tool to look in ~/home/root, which does not exists.