Hello tisham_csiro,
I am from one of the teams supporting data distribution and have been trying to replicate what you describe here and have not been able to do so. Would you mind providing more information about your setup to help us fix this?
So far, I have tested the following (and these work):
1. I can, from a VPC in us-west-2 with an S3 Gateway endpoint and internet gateway, execute a curl following redirects automatically and obtain the data.
2. I can, from my local laptop, execute the same command.
3. I can access the data from the browser when logged in.
The only way I can replicate the error you have generated so far is by doing the following:
1. From a machine with us-west-2, make an HTTPS request to the OB endpoint, not following all the redirects.
2. Paste the redirect into my local terminal (not in AWS).
The pattern I describe is the expected behavior. The error message you are posting is not an S3 permissions error; rather, it is the role which signed the URL no longer having permissions to access the data when it processes the redirect. Something is changing between the time the presigned URL is generated and when the request to execute it is processed.
Can you please provide more detail on how you are handling the final redirect and/or how your VPC is set up that may be different from mine?
With regards to your question about the /s3credentials endpoints for OBDAAC, to my knowledge, each of the DAACs should have such an endpoint which should behave the same. To wit, they should allow direct S3 interactions from resources in the same AWS region as the data.
Ryan Miller
NGAP Feature Team Product Owner