Troubleshooting S3 access point issues - FSx for OpenZFS
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Troubleshooting S3 access point issues

This section describes symptoms, causes, and resolutions for when you encounter issues accessing your FSx data from S3 access points.

The file system is unable to handle S3 requests

If the S3 request volume for a particular workload exceeds the file system’s capacity to handle the traffic, you may experience S3 request errors (for example, Internal Server Error, 503 Slow Down, and Service Unavailable). You can proactively monitor and alarm on the performance of your file system using Amazon CloudWatch metrics (for example, Network throughput utilization and CPU utilization). If you observe degraded performance, you can resolve this issue by increasing the file system's throughput capacity.

Client ETag mismatch error with Amazon Java SDK v1

When using the Amazon Java SDK v1 to access data via the S3 API, you may encounter an SDK client exception with the following message:

Unable to verify integrity of data download. Client calculated content hash didn’t match hash calculated by Amazon S3

This error occurs specifically when attempting to retrieve a file that was initially written or has been modified using file-protocols. To resolve this issue, you can either configure your Amazon Java SDK to disable MD5 checksum validation on GetObject or update to the Amazon Java SDK v2.

Access Denied with default S3 access point permissions for automatically created service roles

Some S3-integrated Amazon services will create a custom service role and customize the attached permissions to your specific usecase. When specifying your S3 access point alias as the S3 resource, those attached permissions may include your access point using a bucket ARN format (for example, arn:aws:s3:::my-fsx-ap-foo7detztxouyjpwtu8krroppxytruse1a-ext-s3alias) rather than the access point ARN format (for example, arn:aws:s3:us-east-1:1234567890:accesspoint/my-fsx-ap). To resolve this, modify the policy to use the ARN of the access point.