Using a single-host ECE 3.5 environment, we're attempting to connect a deployment to an S3 bucket. The AWS policy is configured to allow access to the S3 bucket from the instance hosting ECE using an instance role.
We've tested connectivity/access from the ECE host to the S3 bucket using the aws s3 ls command.
The ECE Admin UI (Platform -> Repositories -> Add Repository) requires an Access Key and a Secret Key, but if you use the API, you can get ECE to accept the settings for a repository without those fields (this was suggested by Elastic support).
... and we added s3.client.default.endpoint as a setting to the elasticsearch settings for the deployment.
However, when we go to the deployment and navigate Stack Management -> Snapshot and Restore -> Repositories and then click on found-snapshots and click the "Verify Repository", we get this message:
{
"name": "ResponseError",
"message": "repository_verification_exception\n\tCaused by:\n\t\ti_o_exception: Unable to upload object [snapshots/8a31846b<redacted>d254a/tests-9AqsGB<redacted>94A/master.dat] using a single upload\n\tRoot causes:\n\t\trepository_verification_exception: [found-snapshots] path [snapshots/8a31846b<redacted>254a] is not accessible on master node"
}
A test was also conducted without the s3.client.default.endpoint setting in the elasticsearch config and the results were the same.
Has anyone been able to get an S3 repository to work in an ECE-managed environment? I'd be content with a declarative statement in the vendor documentation saying that using instance roles to access S3 buckets is not supported with ECE, but we've been unable to get concurrence on that either. Any ideas?