Hi,
I am using the Labelbox integration tool to create a dataset from an AWS S3 Bucket. I have set the Integration tool successfully thanks to this documentation, and checking the connection shows both Role successfully assumed
and External ID configured securely
.
However, when I try to add the dataset using the created JSON file (see below), it seems it generates the data-id (the hashes), but it gets a ‘Forbidden’ error on all of them. I have tested with a more straightforward JSON entry with the same result.
Here is the sample JSON file:
[
{
"externalId": "v11261171",
"videoUrl": "https://my-dataset.s3.amazonaws.com/v_11261171_A+B.mp4"
},
{
"externalId": "v115483513",
"videoUrl": "https://my-dataset.s3.amazonaws.com/v_115483513_C+D.mp4"
}
]
I have followed the documentation on the Policy, Role, and CORS. I also simulate access using PolicySim, and it seems to be working (according to the below image):
As additional information: Here is the JSON of each element:
The Policy:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:GetObject"
],
"Resource": "arn:aws:s3:::nxxxxx-dataset/*"
}
]
}
The Role:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::3406xxxxxxx2:root"
},
"Action": "sts:AssumeRole",
"Condition": {
"StringEquals": {
"sts:ExternalId": "cxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxh"
}
}
}
]
}
And the CORS is copied from the documentation as follows:
[
{
"AllowedHeaders": [
"*"
],
"AllowedMethods": [
"GET"
],
"AllowedOrigins": [
"https://app.labelbox.com",
"https://editor.labelbox.com"
],
"ExposeHeaders": []
}
]
The only point I’m suspicious of is the region where S3 exists. My free root account has been on the Global region, and STS has been enabled. However, as far as I understand, the S3 bucket is in US-East-1, while in the documentation, it only needs the US-East-2 region to be enabled. I have already checked that, and US-East-2 is activated in the STS. But I’m not sure if I need to migrate the current S3 bucket exactly to the US-EAST-2 as well.