I have tested your scenario using PXCO 1.7.0 and the same aws region and unfortunately I can not reproduce the issue:
CR:
backup:
image: percona/percona-xtradb-cluster-operator:1.7.0-pxc8.0-backup
# serviceAccountName: percona-xtradb-cluster-operator
# imagePullSecrets:
# - name: private-registry-credentials
pitr:
enabled: false
storageName: STORAGE-NAME-HERE
timeBetweenUploads: 60
storages:
s3-eu-west-1:
type: s3
s3:
bucket: *****
credentialsSecret: aws-s3-secret
region: eu-west-1
schedule:
- name: "daily-s3-backup"
schedule: "00 14 * * *"
keep: 3
storageName: s3-eu-west-1
log:
2021-04-16 14:00:09.864 INFO: [SST script] + backup_s3
2021-04-16 14:00:09.865 INFO: [SST script] + S3_BUCKET_PATH=cluster1-2021-04-16-14:00:05-full
2021-04-16 14:00:09.865 INFO: [SST script] + echo 'Backup to s3://******/cluster1-2021-04-16-14:00:05-full started'
2021-04-16 14:00:09.865 INFO: [SST script] Backup to s3://******/cluster1-2021-04-16-14:00:05-full started
2021-04-16 14:00:09.865 INFO: [SST script] + mc -C /tmp/mc config host add dest https://s3.amazonaws.com ACCESS_KEY_ID SECRET_ACCESS_KEY
2021-04-16 14:00:10.348 INFO: [SST script] Added `dest` successfully.
As you can see when you add --api key , mc does not call the validation call path: `mc config host add` can have an option to skip the credentials verify. · Issue #2422 · minio/mc · GitHub So, it is not connected with mc version.
You need to check your s3 IAM policies, maybe you do not have enough permission to your bucket or you have some specific configuration of your bucket.
I need to have more information from your end (e.g. example of your s3 IAM policies) to reproduce it.