Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

s3a issue when endpoint set to fs.s3a.endpoint=s3.us-east-2.amazonaws.com

Highlighted

s3a issue when endpoint set to fs.s3a.endpoint=s3.us-east-2.amazonaws.com

New Contributor

Hi,
I got a problem when set the different endpoint.
First bucket content was got correctly using the below command:
hadoop fs -D fs.s3a.access.key={AccKey1} -D fs.s3a.secret.key={SecKey1} -D fs.s3a.endpoint=s3.us-west-2.amazonaws.com -ls s3a://{BucketName1}/
The second bucket at another region "us-east-2" always replied error message when I use the below command:
hadoop fs -D fs.s3a.access.key={AccKey2} -D fs.s3a.secret.key={SecKey2} -D fs.s3a.endpoint=s3.us-east-2.amazonaws.com -ls s3a://{BucketName2}/

The error log is
com.cloudera.com.amazonaws.services.s3.model.AmazonS3Exception: Status Code: 400, AWS Service: Amazon S3, AWS Request ID: E4071D35B7EDCBC8, AWS Error Code: null, AWS Error Message: Bad Request, S3 Extended Request ID: hx3VeopeIlTm52qhKLJPlXKqvNJ9mspzz+MTsx5WAgjgbodKhiBPfL7wFwSdWdi4maunkaF4eDQ=
at com.cloudera.com.amazonaws.http.AmazonHttpClient.handleErrorResponse(AmazonHttpClient.java:798)
at com.cloudera.com.amazonaws.http.AmazonHttpClient.executeHelper(AmazonHttpClient.java:421)

........................

........................

The access key, secret key and bucket name is no problem because I can access it by S3 browser tool.

My Hadoop version is "Hadoop 2.6.0-cdh5.5.1"


thanks

1 REPLY 1
Highlighted

Re: s3a issue when endpoint set to fs.s3a.endpoint=s3.us-east-2.amazonaws.com

I'm going to point you at the S3A troubleshooting docs, where we try to match error messages to root causes, though "bad request" is a broad issue -one AWS don't provide details on for security reasons

 

https://hadoop.apache.org/docs/r2.8.0/hadoop-aws/tools/hadoop-aws/index.html#Troubleshooting_S3A

 

for a us-west-2 endpoint you can/should just stick with the main endpoint. If you do change, you may have to worry about s3 signing algorithms. Depending on the specific version of CDH you are using that's  a hadoop config option; for the older versions, it's a JVM property which is tricky to propagate over hadoop application deployments. 

 

Summary:

* try to just stick to the central endpoint

* if you need to use a "V4 only endpoint", try and use the most recent version of CDH you can and use the fs.s3a.signing.algorithm option

Don't have an account?
Coming from Hortonworks? Activate your account here