CreateMultipartUpload no longer works (401)

bengtove · September 2, 2023, 7:29am

We migrated to R2 last December and both automated tests and real world use was fine.
But somewhere between late April and now, createMultipartUpload started returning 401. Other operations like getSignedUrlPromise are still working fine, which suggests the API key is good.

Nothing changed in our end and I can’t find any clues in the R2 changelogs.

aws-sdk version is 2.1048.0

Example response:

{
  createMultipartUpload: 'failed',
  err: true,
  UploadId: undefined,
  Bucket: 'raw',
  Key: 'maps/78mH396tM9Xa3nTVxkAaBL.zip'
}
Unauthorized: Unauthorized
    at Request.extractError (/***/server/node_modules/aws-sdk/lib/services/s3.js:710:35)
    at Request.callListeners (/***/server/node_modules/aws-sdk/lib/sequential_executor.js:106:20)
    at Request.emit (/***/server/node_modules/aws-sdk/lib/sequential_executor.js:78:10)
    at Request.emit (/***/server/node_modules/aws-sdk/lib/request.js:686:14)
    at Request.transition (/***/server/node_modules/aws-sdk/lib/request.js:22:10)
    at AcceptorStateMachine.runTo (/***/server/node_modules/aws-sdk/lib/state_machine.js:14:12)
    at /***/server/node_modules/aws-sdk/lib/state_machine.js:26:10
    at Request.<anonymous> (/***/server/node_modules/aws-sdk/lib/request.js:38:9)
    at Request.<anonymous> (/***/server/node_modules/aws-sdk/lib/request.js:688:12)
    at Request.callListeners (/***/server/node_modules/aws-sdk/lib/sequential_executor.js:116:18) {
  code: 'Unauthorized',
  region: null,
  time: 2023-09-02T06:44:41.713Z,
  requestId: null,
  extendedRequestId: undefined,
  cfId: undefined,
  statusCode: 401,
  retryable: false,
  retryDelay: 57.51120611857634
}

Erisa · September 2, 2023, 9:31am

Did your R2 token expire? They try to be created with 1 year validity by default, especially back in beta days. You can double check this in Audit log if you like by ticking user level actions.

Try creating a new token regardless, do you get the same error?

bengtove · September 5, 2023, 5:36am

Thanks for your suggestion. The token had not expired, but creating a new token did solve the issue. I guess the old token was missing some claim that is now required.

system · September 8, 2023, 5:37am

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.