The GET /_snapshot returned this
$ curl -sS -XGET http://127.0.0.1:9200/_snapshot | jq .
{
  "data43-es-snapshots-scratch": {
    "type": "s3",
    "settings": {
      "bucket": "data43",
      "base_path": "es-snapshots/scratch",
      "readonly": "true",
      "region": "us-gov-west-1"
    }
  }
}
And here's the result after turning on logging -
[2021-10-14T21:44:52,376][DEBUG][o.e.r.s.S3Repository ] [JdRGfj8] using bucket [data43], chunk_size [1gb], server_side_encryption [false], buffer_size [51.1mb], cannedACL [], storageClass []
[2021-10-14T21:44:52,448][DEBUG][c.a.s.s.AmazonS3Client ] [JdRGfj8] Bucket region cache doesn't have an entry for data43. Trying to get bucket region from Amazon S3.
[2021-10-14T21:44:52,455][DEBUG][c.a.request ] [JdRGfj8] Sending Request: HEAD https://data43.s3.amazonaws.com / Headers: (User-Agent: aws-sdk-java/1.11.406 Mac_OS_X/11.6 OpenJDK_64-Bit_Server_VM/17+0 java/17, amz-sdk-invocation-id: 729849c9-4684-fe7f-008d-b9f777708353, Content-Type: application/octet-stream, )
[2021-10-14T21:44:52,459][DEBUG][c.a.a.AWS4Signer ] [JdRGfj8] AWS4 Canonical Request: '"HEAD
/
amz-sdk-invocation-id:729849c9-4684-fe7f-008d-b9f777708353
amz-sdk-retry:0/0/500
content-type:application/octet-stream
host:data43.s3.amazonaws.com
user-agent:aws-sdk-java/1.11.406 Mac_OS_X/11.6 OpenJDK_64-Bit_Server_VM/17+0 java/17
x-amz-content-sha256:UNSIGNED-PAYLOAD
x-amz-date:20211015T014452Z
amz-sdk-invocation-id;amz-sdk-retry;content-type;host;user-agent;x-amz-content-sha256;x-amz-date
UNSIGNED-PAYLOAD"
[2021-10-14T21:44:52,460][DEBUG][c.a.a.AWS4Signer ] [JdRGfj8] AWS4 String to Sign: '"AWS4-HMAC-SHA256
20211015T014452Z
20211015/us-east-1/s3/aws4_request
75e2f91dcd70c14fd181687423f71f917fe817f4db3859ed789a7b2ca2c66c4e"
[2021-10-14T21:44:52,548][DEBUG][c.a.h.c.s.SdkTLSSocketFactory] [JdRGfj8] connecting to data43.s3.amazonaws.com/52.217.172.185:443
[2021-10-14T21:44:52,549][DEBUG][c.a.h.c.s.SdkTLSSocketFactory] [JdRGfj8] Connecting socket to data43.s3.amazonaws.com/52.217.172.185:443 with timeout 10000
[2021-10-14T21:44:52,588][DEBUG][c.a.h.c.s.SdkTLSSocketFactory] [JdRGfj8] Enabled protocols: [TLSv1.3, TLSv1.2]
[2021-10-14T21:44:52,589][DEBUG][c.a.h.c.s.SdkTLSSocketFactory] [JdRGfj8] Enabled cipher suites:[TLS_AES_256_GCM_SHA384, TLS_AES_128_GCM_SHA256, TLS_CHACHA20_POLY1305_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
[2021-10-14T21:44:52,590][DEBUG][c.a.h.c.s.SdkTLSSocketFactory] [JdRGfj8] socket.getSupportedProtocols(): [TLSv1.3, TLSv1.2, TLSv1.1, TLSv1, SSLv3, SSLv2Hello], socket.getEnabledProtocols(): [TLSv1.3, TLSv1.2]
[2021-10-14T21:44:52,590][DEBUG][c.a.h.c.s.SdkTLSSocketFactory] [JdRGfj8] TLS protocol enabled for SSL handshake: [TLSv1.2, TLSv1.1, TLSv1, TLSv1.3]
[2021-10-14T21:44:52,590][DEBUG][c.a.h.c.s.SdkTLSSocketFactory] [JdRGfj8] Starting handshake
[2021-10-14T21:44:52,780][DEBUG][c.a.h.c.s.SdkTLSSocketFactory] [JdRGfj8] Secure session established
[2021-10-14T21:44:52,780][DEBUG][c.a.h.c.s.SdkTLSSocketFactory] [JdRGfj8] negotiated protocol: TLSv1.2
[2021-10-14T21:44:52,780][DEBUG][c.a.h.c.s.SdkTLSSocketFactory] [JdRGfj8] negotiated cipher suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
[2021-10-14T21:44:52,781][DEBUG][c.a.h.c.s.SdkTLSSocketFactory] [JdRGfj8] peer principal: CN=*.s3.amazonaws.com, O="Amazon.com, Inc.", L=Seattle, ST=Washington, C=US
[2021-10-14T21:44:52,781][DEBUG][c.a.h.c.s.SdkTLSSocketFactory] [JdRGfj8] peer alternative names: [*.s3.amazonaws.com, s3.amazonaws.com]
[2021-10-14T21:44:52,781][DEBUG][c.a.h.c.s.SdkTLSSocketFactory] [JdRGfj8] issuer principal: CN=DigiCert Baltimore CA-2 G2, OU=www.digicert.com, O=DigiCert Inc, C=US
[2021-10-14T21:44:52,783][DEBUG][c.a.i.SdkSSLSocket ] [JdRGfj8] created: data43.s3.amazonaws.com/52.217.172.185:443
[2021-10-14T21:44:52,859][DEBUG][c.a.i.SdkSSLSocket ] [JdRGfj8] shutting down output of data43.s3.amazonaws.com/52.217.172.185:443
[2021-10-14T21:44:52,859][DEBUG][c.a.i.SdkSSLSocket ] [JdRGfj8] shutting down input of data43.s3.amazonaws.com/52.217.172.185:443
[2021-10-14T21:44:52,859][DEBUG][c.a.i.SdkSSLSocket ] [JdRGfj8] closing data43.s3.amazonaws.com/52.217.172.185:443
[2021-10-14T21:44:52,860][DEBUG][c.a.request ] [JdRGfj8] Received error response: com.amazonaws.services.s3.model.AmazonS3Exception: Forbidden (Service: Amazon S3; Status Code: 403; Error Code: 403 Forbidden; Request ID: 41QGSB17A14BHK3G; S3 Extended Request ID: UkIqbHY8qZpfgiqx3MwJsQUFC81A4fi+1/FyBuJewc4hpMYJd5XF3E049ToFgH9naTa9SyQnh2w=), S3 Extended Request ID: UkIqbHY8qZpfgiqx3MwJsQUFC81A4fi+1/FyBuJewc4hpMYJd5XF3E049ToFgH9naTa9SyQnh2w=
[2021-10-14T21:44:52,860][DEBUG][c.a.s.s.AmazonS3Client ] [JdRGfj8] Not able to derive region of the data43 from the HEAD Bucket requests.
[2021-10-14T21:44:52,860][DEBUG][c.a.s.s.AmazonS3Client ] [JdRGfj8] Region for data43 is null
...
[there's a subsequent http request that gets rejected]
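
Added example (not part of the original post, and not Elasticsearch or AWS SDK code): the repository settings above give region us-gov-west-1, while the logged string to sign carries the scope us-east-1 and the request goes to data43.s3.amazonaws.com. The script below pulls the SigV4 credential scope and the request host out of such a debug log and reports where they disagree with the configured region. The function names are hypothetical, and the host check is a heuristic that assumes a regional endpoint carries the region in its hostname.

```python
import re

# Scope line of a SigV4 string to sign: <date>/<region>/<service>/aws4_request
SCOPE_RE = re.compile(r"^(\d{8})/([a-z0-9-]+)/([a-z0-9-]+)/aws4_request$", re.M)
# Request line as logged by the SDK's c.a.request logger
HOST_RE = re.compile(r"Sending Request: \w+ https?://([^\s/]+)")


def signing_regions(log_text):
    """Regions named in the credential scopes found in the log."""
    return {m.group(2) for m in SCOPE_RE.finditer(log_text)}


def request_hosts(log_text):
    """Hostnames the SDK sent requests to."""
    return {m.group(1) for m in HOST_RE.finditer(log_text)}


def region_mismatches(log_text, configured_region):
    """Compare what was signed and where it was sent against the configured region."""
    findings = []
    for region in sorted(signing_regions(log_text)):
        if region != configured_region:
            findings.append(f"signed with scope region {region}, "
                            f"repository is configured for {configured_region}")
    # The global endpoint s3.amazonaws.com is expected for us-east-1 only.
    if configured_region != "us-east-1":
        for host in sorted(request_hosts(log_text)):
            if host.endswith("amazonaws.com") and configured_region not in host:
                findings.append(f"request sent to {host}, "
                                f"hostname does not name {configured_region}")
    return findings


# Lines taken from the debug log in the post above, headers abbreviated.
SAMPLE_LOG = """\
[2021-10-14T21:44:52,455][DEBUG][c.a.request ] [JdRGfj8] Sending Request: HEAD https://data43.s3.amazonaws.com / Headers: (...)
[2021-10-14T21:44:52,460][DEBUG][c.a.a.AWS4Signer ] [JdRGfj8] AWS4 String to Sign: '"AWS4-HMAC-SHA256
20211015T014452Z
20211015/us-east-1/s3/aws4_request
75e2f91dcd70c14fd181687423f71f917fe817f4db3859ed789a7b2ca2c66c4e"
"""

if __name__ == "__main__":
    for finding in region_mismatches(SAMPLE_LOG, "us-gov-west-1"):
        print(finding)
```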