Skip to navigationSkip to main contentSkip to footerScaleway Docs

My API key does not work with Object Storage

Before you start

To complete the actions presented below, you must have:

Problem

When using third-party API or CLI tools, such as the AWS CLI, MinIO Client, or Rclone to manage your Object Storage resources, you may experience one of the following issues connecting to the Scaleway API or listing your resources:

  • Listing your buckets with a third-party tool returns nothing, but you have at least one bucket created in the Scaleway console.

  • The tool returns An error occurred (Forbidden) when calling the ListObjectsV2 operation: Forbidden or a similar message.

  • The tool returns a 403 error.

Cause

The API key you used to configure the Amazon S3 third-party tool has a preferred Project assigned.

If you try to perform Object Storage operations in a Project that is NOT the preferred Project using a third-party tool, you will not be able to access your resources, resulting in an error message or an empty response.

Solution

  1. Make sure that you are using a valid API key.

  2. Make sure that the bearer of the API key (IAM user or application) has the appropriate IAM permissions to perform the desired actions.

  3. Make sure that the API key's preferred Project is the same as the one where you are performing actions. You can change the preferred project of your API key:

  4. Make sure that there is no bucket policy preventing the action. If there is one, update the bucket policy to allow the desired actions to the bearer of the API key.

You should now be able to list your buckets using a supported Amazon Amazon S3-compatible third-party tool.

Going further

  • Refer to the documentation on using IAM API keys with Object Storage for more information.

  • Refer to the documentation on bucket policies for more information.

  • If you did not manage to identify the error and solve it by yourself, open a support ticket, and provide as many details as possible, along with the necessary information below:

    • Object Storage Endpoint (e.g. s3.fr-par.scw.cloud)
    • Bucket name
    • Object name (if the request concerns an object)
    • Request type (PUT, GET, etc.)
    • HTTP status code
    • Date and time (timestamp)
    • User-agent (SDK, client, console, etc.)
    • Transaction ID (if possible)
    • Log / trace of the error (if possible)
Still need help?

Create a support ticket
No Results