If I run just xtrabackup without xbcloud it works fine, and the backup is saved locally. I have access to IAM Profile for AWS S3 with correct role, I tested it.
if I try to do xbcloud get s3://cashli-dev-percona-backups/test.txt it just never returns the response on stdout. I have internet blocked on the instance but the s3 endpoints can be access by services, because it’s enabled on endpoints and also aws s3 ls s3://your-bucket-name works fine
Hi @Ben_Chiciudean , seems like you are having a firewall issue. xbcloud will have to make redirects if aws gives it a different endpoint. Can you please run xbcloud get command passing --verbose flag and share the results here.
You might want to obfuscate sensitive information such as your access and secret keys
This is how tokens via IAM works, We generate a temporary token, this token is used to fetch instance profile and retrieve the token used to authenticate into S3. Can you please those commands manually:
#Generate a token
TOKEN=`curl -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600"`
#Check if we have any instance profile (You should see your IAM role here)
curl -H "X-aws-ec2-metadata-token: $TOKEN" -v http://169.254.169.254/latest/meta-data/iam/security-credentials/
#Retirve the instance profile data ( adjust YOUR_INSTANCE_PROFILE to the output from previous command)
curl -H "X-aws-ec2-metadata-token: $TOKEN" -v http://169.254.169.254/latest/meta-data/iam/security-credentials/YOUR_INSTANCE_PROFILE
bash-4.4$ TOKEN=`curl -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600"`
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- 0:01:29 --:--:-- 0^C