Cause and Solution:

ARTIFACTORY: AWS S3 connectivity and troubleshooting steps

AuthorFullName__c
Pranav Hegde
articleNumber
000005398
ft:sourceType
Salesforce
FirstPublishedDate
2022-09-01T11:15:57Z
lastModifiedDate
2022-09-01
VersionNumber
3
In some of the cases even though the kmsClientSideEncryptionKeyId is correctly configured, if the following URL https://sts.amazonaws.com is not whitelisted on the host/cluster where Artifactory is hosted, you would observe the above error in the Artifactory logs.


Below is the example I AM permission:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor",
            "Effect": "Allow",
            "Action": "s3:*",
            "Resource": "XXXXXXXXX"
        },
     {
          "Sid": "AllowUseOfKeyInAccountxxxxx",
          "Effect": "Allow",
          "Action": [
            "kms:Encrypt",
            "kms:Decrypt",
            "kms:ReEncrypt*",
            "kms:GenerateDataKey*",
            "kms:DescribeKey"
          ],
         "Resource": "XXXXXXXXXX"
       }
    ]
}