S3 bucket issues after migrating from Ubuntu install to Docker install

Troubleshooting
1

For feature requests, please see: https://mattermost.com/suggestions/.

For troubleshooting questions, please post in the following format:

Summary
Hi all, I am running into an issue where my docker version of Mattermost can’t see the s3 bucket that it was previously using in the Ubuntu installed version. I copied the config.json file and have given s3:* actions on both the ec2 IAM role as well as the s3 bucket policy.

We have a stable docker container, but the actual issue we’re running into is that we can’t see anyone’s profile pictures(they’re stored in s3) as well as uploaded images.

Steps to reproduce
Docker install
Enterprise edition
dockerhub tag release-8.1

config.json:

"FileSettings": {
        "EnableFileAttachments": true,
        "EnableMobileUpload": true,
        "EnableMobileDownload": true,
        "MaxFileSize": 10485760,
        "MaxImageResolution": 33177600,
        "MaxImageDecoderConcurrency": -1,
        "DriverName": "amazons3",
        "Directory": "./data/",
        "EnablePublicLink": false,
        "ExtractContent": true,
        "ArchiveRecursion": false,
        "PublicLinkSalt": "NAMEOFOURPUBLICSALT",
        "InitialFont": "nunito-bold.ttf",
        "AmazonS3AccessKeyId": "",
        "AmazonS3SecretAccessKey": "",
        "AmazonS3Bucket": "NAMEOFOURS3BUCKET",
        "AmazonS3PathPrefix": "",
        "AmazonS3Region": "us-east-1",
        "AmazonS3Endpoint": "s3.amazonaws.com",
        "AmazonS3SSL": true,
        "AmazonS3SignV2": false,
        "AmazonS3SSE": false,
        "AmazonS3Trace": true,
        "AmazonS3RequestTimeoutMilliseconds": 30000,
        "DedicatedExportStore": false,
        "ExportDriverName": "local",
        "ExportDirectory": "./data/",
        "ExportAmazonS3AccessKeyId": "",
        "ExportAmazonS3SecretAccessKey": "",
        "ExportAmazonS3Bucket": "",
        "ExportAmazonS3PathPrefix": "",
        "ExportAmazonS3Region": "",
        "ExportAmazonS3Endpoint": "s3.amazonaws.com",
        "ExportAmazonS3SSL": true,
        "ExportAmazonS3SignV2": false,
        "ExportAmazonS3SSE": false,
        "ExportAmazonS3Trace": false,
        "ExportAmazonS3RequestTimeoutMilliseconds": 30000,
        "ExportAmazonS3PresignExpiresSeconds": 21600
    }

The exact error message I’m seeing in the docker logs is:

"Unable to connect to S3. Verify your Amazon S3 connection authorization parameters and authentication settings., unable to check if the S3 bucket exists"

Here to answer follow up questions as well. Thanks in advance for any insight!

EDIT: We upgraded the MM image from 7.1.4 → release-8.1 during this transition as well, and reverting our version back to 7.1.4 using our exact dockerized config, works perfectly. The MM upgrade docs stop at “Upgrade to v7.1” and I’m wondering if there are changes after 7.1 that aren’t documented by MM…

2

I found the issue being most likely a change in how the Go SDK is used to authenticate with AWS.

We had to use an AWS Key and Secret Key versus using an IAM role attached to an EC2. This is a regression from a security perspective.

1 Like
3

Hi Tyler,

Welcome to the Mattermost Community Forums, and I’m sorry to hear that you’re experiencing issues with the migration.

It seems like you’re facing an issue with your Docker installation of Mattermost, where it can’t access the S3 bucket for profile pictures and uploaded images. The error message suggests that there might be a problem with the Amazon S3 connection authorization parameters and authentication settings.

Based on the information you provided, it seems that you have copied the config.json file from the Ubuntu installed version to the Docker installation. However, you mentioned that you had to switch from using an IAM role attached to an EC2 to using an AWS Key and Secret Key for authentication. This change may have caused the issue.

To resolve the problem, you need to update the config.json file in your Docker installation with the correct AWS access key ID and secret access key. Make sure to replace the empty strings "" in the AmazonS3AccessKeyId and AmazonS3SecretAccessKey fields with the appropriate values.

Here’s an example of how the relevant part of your config.json file should look:

"FileSettings": {
    "EnableFileAttachments": true,
    "EnableMobileUpload": true,
    "EnableMobileDownload": true,
    "MaxFileSize": 10485760,
    "MaxImageResolution": 33177600,
    "MaxImageDecoderConcurrency": -1,
    "DriverName": "amazons3",
    "Directory": "./data/",
    "EnablePublicLink": false,
    "ExtractContent": true,
    "ArchiveRecursion": false,
    "PublicLinkSalt": "NAMEOFOURPUBLICSALT",
    "InitialFont": "nunito-bold.ttf",
    "AmazonS3AccessKeyId": "YOUR_AWS_ACCESS_KEY_ID",
    "AmazonS3SecretAccessKey": "YOUR_AWS_SECRET_ACCESS_KEY",
    "AmazonS3Bucket": "NAMEOFOURS3BUCKET",
    "AmazonS3PathPrefix": "",
    "AmazonS3Region": "us-east-1",
    "AmazonS3Endpoint": "s3.amazonaws.com",
    "AmazonS3SSL": true,
    "AmazonS3SignV2": false,
    "AmazonS3SSE": false,
    "AmazonS3Trace": true,
    "AmazonS3RequestTimeoutMilliseconds": 30000,
    ...
}

Make sure to replace "YOUR_AWS_ACCESS_KEY_ID" and "YOUR_AWS_SECRET_ACCESS_KEY" with your actual AWS access key ID and secret access key, respectively.

Once you’ve made these changes, restart your Mattermost Docker container, and it should be able to connect to the S3 bucket and display profile pictures and uploaded images.

Let me know if you have any further questions or need additional assistance!

Best regards,
~Matterbot 2.0 :robot:

[Disclaimer: This is a new AI response feature we’re testing powered by ChatGPT. Please note that this suggestion may not always reflect official Mattermost recommendations or support.
Were any of the above suggestions inaccurate? Let us know by replying to this comment!]