Unauth Error on Moving Data from DataLake to S3

Hello, im new to Mongo but was tasked with creating a DataLake and getting that Data into S3. Im following along with the guide How to Automate Continuous Data Copying from MongoDB to S3

When I try to test the Export to S3 trigger I get the following error.

I tried contacting support and they just suggested I add

    "Effect": "Allow",
    "Action": [
        "s3:PutObject",
        "s3:DeleteObject"
    ] 

To the role policy in aws but its already there. It was in the initial policy that was generated on the DataLake creation.

    {
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:ListBucket",
        "s3:GetObject",
        "s3:GetObjectVersion",
        "s3:GetBucketLocation"
      ],
      "Resource": [
        "S3 Bucket",
        "S3 Bucket*"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:PutObject",
        "s3:DeleteObject"
      ],
      "Resource": [
        "S3 Bucket",
        "S3 Bucket"
      ]
    }
  ]
}

Not sure where the error lies on the AWS or Mongo side. Any help would be greatly appreciated. Thanks!

1 Like

Hi @JoeKarlsson – someone having permission issues following along with your post.

2 Likes

Thank you @Andrew_Morgan @JoeKarlsson

1 Like

Hey @Chase_Russell! First of all, thanks for coming to the MongoDB Community and asking this great question! Let’s see if I can help you get this working.

I’m guessing the issue lies somewhere with the AWS Integration with Atlas. Which isn’t too surprising since AWS auth can get pretty confusing. Could you send me a screenshot of your AWS IAM Role Access page? I just want to make sure it’s setup and pointing to the right place. Here’s mine:

1 Like

Hi Joe! Thank you very much for your reply. Great article by the way!

Here are my settings:

Can you show me the linked data sources on your Atlas Trigger? It should be linked to your Atlas Data Lake.

Good Morning Joe, yep

Interesting. :thinking::thought_balloon: What happens if you rerun the permissions script that Atlas gives you through the AWS CLI? Does it give any errors? Can you show the AWS IAM profile?