Xbcloud s3 get or put always makes a request to "/" resulting in 403 forbidden

I’m trying to backup to s3 using xbcloud but I get the error “xbcloud: Probe failed. Please check your credentials and endpoint settings.”

I’m using temporary AWS credentials to authenticate and this is the command I’m using:

xbcloud put example-backup --s3-access-key "${AWS_ACCESS_KEY_ID}" --s3-secret-key "${AWS_SECRET_ACCESS_KEY}" --s3-session-token "${AWS_SESSION_TOKEN}" --storage=s3 --s3-bucket=<my-bucket-here>

When I add --verbose I can see a HEAD request is made to “/” which returns a 403 as no such file exists. Here’s the request:

xbcloud put example-backup --s3-access-key "${AWS_ACCESS_KEY_ID}" --s3-secret-key "${AWS_SECRET_ACCESS_KEY}" --s3-session-token "${AWS_SESSION_TOKEN}" --storage=s3 --s3-bucket=<my-bucket-here> --verbose
*   Trying 52.216.100.6...
* TCP_NODELAY set
* Connected to mybucket.s3.us-east-1.amazonaws.com (52.216.100.6) port 443 (#0)
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server did not agree to a protocol
* Server certificate:
*  subject: CN=s3.amazonaws.com
*  start date: Apr  1 00:00:00 2022 GMT
*  expire date: Mar 30 23:59:59 2023 GMT
*  subjectAltName: host "mybucket.s3.us-east-1.amazonaws.com" matched cert's "*.s3.us-east-1.amazonaws.com"
*  issuer: C=US; O=Amazon; OU=Server CA 1B; CN=Amazon
*  SSL certificate verify ok.
> HEAD / HTTP/1.1
Host: mybucket.s3.us-east-1.amazonaws.com
Accept: */*
Accept-Encoding: gzip
Authorization: AWS4-HMAC-SHA256 Credential=<redacted>/20220622/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date;x-amz-security
-token, Signature=98952075c143fc002d2816e6a209fc3a29f3086f3994012eb8b7eca263fc054c
X-Amz-Content-SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
X-Amz-Date: 20220622T100940Z
X-Amz-Security-Token: <redacted>

< HTTP/1.1 403 Forbidden
< x-amz-bucket-region: us-east-1
< x-amz-request-id: CJS7VQG9MVP52Y01
< x-amz-id-2: vW2rmHK6dROgeN22BuXd4wGztZkzEdhlMnt9u1109rLQNQuH0aYsymMkwJMcLmAQ6+h5Ry8WI04=
< Content-Type: application/xml
< Date: Wed, 22 Jun 2022 10:09:40 GMT
< Server: AmazonS3

How do I stop this request being made? Or is there anything I can do in S3 to make this pass.
I tried to enable static hosting on the bucket with / mapped to index.html but it didn’t help.
I also tested the same temporary credentials with the Minio client and it works ok there.

For anyone else having this issue, it was due to the IAM policy only allowing access to /* and not the root of the bucket itself. E.g this is a working policy resource list

                        Resource = [
                            "arn:aws:s3:::mybucket",
                            "arn:aws:s3:::mybucket/*",
                        ]