Skip to main content

I am using AWS MFA and when MFA is not enabled, I cannot access S3. I am getting the following error:


{'error': {'status': 400, 'reason': 'Bad Request', 'message': 's3://xxxx/xxxx.gpkg does not exist or is not accessible.', 'code': 'COMMON_BAD_PAYLOAD'}}

I’m trying to use temporary security credentials obtained through AWS’s get-session-token , and including AWS_SESSION_TOKEN in the request payload like this:


def prepare_batch_sta_request_payload(

    evalscript: str,

    input_s3_path: str,

    output_s3_path: str,

    timerange_from: str,

    timerange_to: str,

):

    access_key = os.environi"AWS_ACCESS_KEY_ID"]

    secret_access_key = os.environi"AWS_SECRET_ACCESS_KEY"]

    session_token = os.environi"AWS_SESSION_TOKEN"]

    request_payload = {

        "input": {

            "features": {

                "s3": {

                    "url": input_s3_path,

                    "accessKey": access_key,

                    "secretAccessKey": secret_access_key,

                    "sessionToken": session_token,

                }

            },

            "data": a

                {

                    "type": "sentinel-2-l2a",

                    "dataFilter": {

                        "timeRange": {

                            "from": timerange_from,

                            "to": timerange_to,

                        },

                        "mosaickingOrder": "leastCC",

                        "maxCloudCoverage": 100,

                    },

                }

            ],

        },

        "aggregation": {

            "timeRange": {"from": timerange_from, "to": timerange_to},

            "aggregationInterval": {"of": "P1D"},

            "evalscript": evalscript,

            "resx": 10,

            "resy": 10,

        },

        "output": {

            "s3": {

                "url": output_s3_path,

                "accessKey": access_key,

                "secretAccessKey": secret_access_key,

                "sessionToken": session_token,

            }

        },

    }

    return request_payload

Is it possible to execute the above by including AWS_SESSION_TOKEN in the request payload using the temporary authentication information obtained by get-session-token ?

Hi,

Unfortunately, we do not support parsing the session token to the API as the session lifetime may not be sufficient for the request to complete.

We would recommend using “Assume IAM role”, which is also the recommended workflow by AWS. Please check the access your bucket using assume iam role section for more infomation.

Hello, thank you for your response.
I’ll chek it 🙂

Reply


Terms & Conditions
Planet Monitoring
Planet Tasking
Planet Analytic Feeds
Planetary Variables
Planet Basemaps
Agriculture
Energy & Infrastructure
Forestry & Land Use
Finance & Insurance
Mapping
Sustainability
Maritime
Civil Government
US State and Local
Europe
Planet Federal
Armed Services
Defense & Intelligence
Investors
Connect with Planet Partners
Become a Partner
Planet Esri Partnership
Certification Program
Find a Partner
About Us
Customer Stories
Our Team
Careers
Press
Resources
ESG at Planet
Contact Us
Art at Planet
FAQs
Planet University
Developer Center
Help Center
Contact Sales
Explorer Log In
Partner Portal
Investors
Blog
Gallery
Disaster Data
Publications
Planet Insights
Planet Stories

© 2024 Planet Labs PBC. All rights reserved.
| Privacy Policy | California Privacy Notice | California Do Not Sell
Your Privacy Choices | Cookie Notice | Terms of Use