ClientFailure with Unexcepted Response and Access Denied

{"schema":"iglu:com.snowplowanalytics.snowplow.badrows/schema_violations/jsonschema/2-0-1","data":{"processor":{"artifact":"snowplow-enrich-kinesis","version":"3.9.0"},"failure":{"timestamp":"2024-11-06T18:01:09.389884Z","messages":[{"schemaKey":"iglu:com.snowplowanalytics.snowplow/client_session/jsonschema/1-0-2","error":{"error":"ResolutionError","lookupHistory":[{"repository":"Iglu Client Embedded","errors":[{"error":"NotFound"}],"attempts":1,"lastAttempt":"2024-11-04T15:08:15.612Z"},{"repository":"S3-schemas-registry","errors":[{"error":"ClientFailure","message":"Unexpected server response: <?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>2RJ4QDKMF0Z7JQ3M</RequestId><HostId>Z6s1UR48AehJz2X5DWD3av/LKoxQo4GsdVR+ZFVzTMXbpHOlVbGxhS9oxZ0ZzoI8rqU9BI7ebhQ=</HostId></Error>"},{"error":"ClientFailure","message":"Unexpected server response: <?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>0HEPD5N4CXTTTTJK</RequestId><HostId>8/UIwjSvo5uG0OUZbXqA8h1EO5Asd7QUgmQLCuysyebLOkF1AsHWvqKqiHsYdDcqMOvlB5jseq8=</HostId></Error>"},{"error":"ClientFailure","message":"Unexpected server response: <?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<Error><Code>AccessDenied</Code><Message>Access Denied</Message>

We are getting bad enrichment data with more no of files loaded whereas in good its very less amount of data that is being transferred.

What is the access denied msg is talking about? any idea like which server to server connection it is not able to access or anything else I’m missing here or overlooking?

Hi @deepthi_I are you using an S3 Static Website as your Iglu Resolver and did you recently turn off public access to that S3 Bucket behind it?

Hey @josh, we are not using Static S3, but the public access blocked. And this blocking is not a new change that we made, it was working fine earlier.

And to add on a point we are trying to access s3 from ECS task through CloudFront. (where we have bucket policy that allows CloudFront)

That error tells me that your Snowplow Application cannot access that endpoint (Cloudfront or otherwise). So that would be the place to start debugging!