Failed to mount Directory bucket in read-only mode

[jy-frankfan]

Mountpoint for Amazon S3 version

mount-s3 1.7.1

AWS Region

us-east-1

Describe the running environment

• Running in EKS where the nodegroup is a self-managed EC2 ASG.
• No
• IRSA
• Ubuntu 22.04

Mountpoint options

'mount-s3 <my-bucket> /tmp -d --allow-other --auto-unmount --foreground --read-only --force-path-style;

What happened?

Mountpoint failed with IAM issue when the S3 Directory Bucket Policy has

{
    "Effect": "Allow",
    "Principal": {
        "AWS": [
            "<IAM role ARN>",
        ]
    },
    "Action": "s3express:CreateSession",
    "Resource": "arn:aws:s3express:us-east-1:<account-id>:bucket/<bucket>",
    "Condition": {
        "StringEquals": {
            "s3express:SessionMode": "ReadOnly"
        }
    }
}

It works normally if the Condition block is removed.

I wonder if mount-s3 include x-amz-create-session-mode: ReadOnly when --read-only is given in the argument.

Relevant log output

No response

[dannycjones]

Thanks for opening this issue, @jy-frankfan. We are aware of the issue, Mountpoint currently will create a ReadWrite S3 Express session regardless of the --read-only flag.

I'll share with the team, as we'd like for the session to be created using ReadOnly mode in the future.