Input 'aws-s3' failed with: failed to initialize s3 poller

I'm also pulling my hair out over this black hole of an issue... I've got this cross-account setup like so:

# UserA (in account A)

{
    "Effect": "Allow",
    "Action": [
      "s3:GetObject",
      "s3:ListBucket",
      "s3:GetBucketLocation"
    ],
    "Resource": [
      "arn:aws:s3:::bucket-in-ca-central-1/*",
      "arn:aws:s3:::bucket-in-ca-central-1"
    ]
}

# BucketB (in account B)

{
    "Sid": "AllowFilebeatPolling",
    "Effect": "Allow",
    "Principal": {
      "AWS": "arn:aws:iam::1234567890:user/UserA"
    },
    "Action": [
      "s3:GetObject",
      "s3:ListBucket",
      "s3:GetBucketLocation"
    ],
    "Resource": [
      "arn:aws:s3:::${var.s3_bucket_name}",
      "arn:aws:s3:::${var.s3_bucket_name}/*"
    ]
}

I can replicate all the actions with the equivalent CLI as user A to bucket B, and it works as expected, BUT whenever I try to initialize Filebeat it spits back 403...

... compat/compat.go: 122
"Input 'aws-s3' failed with: failed to initialize s3 poller: failed to get AWS region for bucket_arn:

So I'm wondering: does it have something to do with "block all public access" on the bucket itself? I'll report back later with what I find...
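
An offline check of the cross-account rule this setup depends on (an Allow is needed in both UserA's identity policy and BucketB's bucket policy), run over the two statements from the post. This is an added example, not part of the original post or Filebeat's code; the function names are hypothetical, it assumes `${var.s3_bucket_name}` resolves to `bucket-in-ca-central-1`, the object key is constructed, and Deny statements and Conditions are ignored.

```python
import fnmatch

BUCKET = "bucket-in-ca-central-1"  # assumption: what ${var.s3_bucket_name} resolves to
USER_A = "arn:aws:iam::1234567890:user/UserA"
ACTIONS = ["s3:GetObject", "s3:ListBucket", "s3:GetBucketLocation"]

# The two statements from the post, with the Terraform variable substituted.
IDENTITY_STMT = {"Effect": "Allow", "Action": ACTIONS,
                 "Resource": [f"arn:aws:s3:::{BUCKET}/*", f"arn:aws:s3:::{BUCKET}"]}
BUCKET_STMT = {"Sid": "AllowFilebeatPolling", "Effect": "Allow",
               "Principal": {"AWS": USER_A}, "Action": ACTIONS,
               "Resource": [f"arn:aws:s3:::{BUCKET}", f"arn:aws:s3:::{BUCKET}/*"]}

def needed_calls(bucket):
    """Bucket-level actions target the bucket ARN; GetObject targets an object ARN."""
    return {"s3:GetBucketLocation": f"arn:aws:s3:::{bucket}",
            "s3:ListBucket": f"arn:aws:s3:::{bucket}",
            "s3:GetObject": f"arn:aws:s3:::{bucket}/constructed/sample-key.log"}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def allows(stmt, action, resource, principal=None):
    """True if one Allow statement covers the call (no Deny/Condition handling)."""
    if stmt.get("Effect") != "Allow":
        return False
    if principal is not None and principal not in _as_list(stmt.get("Principal", {}).get("AWS", [])):
        return False
    action_ok = any(fnmatch.fnmatchcase(action.lower(), a.lower()) for a in _as_list(stmt["Action"]))
    resource_ok = any(fnmatch.fnmatchcase(resource, r) for r in _as_list(stmt["Resource"]))
    return action_ok and resource_ok

def cross_account_gaps(identity_stmt, bucket_stmt, principal, bucket):
    """Return {action: [sides missing an Allow]}; cross-account needs both sides."""
    gaps = {}
    for action, resource in needed_calls(bucket).items():
        missing = []
        if not allows(identity_stmt, action, resource):
            missing.append("identity policy")
        if not allows(bucket_stmt, action, resource, principal):
            missing.append("bucket policy")
        if missing:
            gaps[action] = missing
    return gaps

if __name__ == "__main__":
    print(cross_account_gaps(IDENTITY_STMT, BUCKET_STMT, USER_A, BUCKET) or "no gaps")
```

An empty result means the two statements cover each other for these three calls; it says nothing about settings outside the two statements.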