403 access denied - BQ as destination

  • Is this your first time deploying Airbyte?: No
  • OS Version / Instance: Ubuntu
  • Memory / Disk: you can use something like 4Gb / 40G
  • Deployment: Docker
  • Airbyte Version: 0.40.30
  • Source name/version: Posthog
  • Destination name/version: BigQuery 1.2.13
  • Step: Issue is happening during destination setup.
  • Description: i’m getting 403 State code: AccessDenied when trying to connect BIgQuery destination with GCS Staging method. Tred connecting different service accounts, set all the permissions, generated new HMAC key pairs yet still the error persists :frowning: .

We’ve done some tests - I’ve tested BigQuery destination setup with same connection (GCS) method on older server with Airbyte version 0.40.26 and it works. On the new server with latest Airbyte (0.40.30) it gives 403 error (same credentials, destination, connection, everything).

On the old server, BigQuery destination’s version is 1.2.9, on the new one, it is 1.2.13.

Error is: State code: AccessDenied; Message: Access denied. (Service: Amazon S3; Status Code: 403; Error Code: AccessDenied; Request ID: null; S3 Extended Request ID: null; Proxy: null)

Hello there! You are receiving this message because none of your fellow community members has stepped in to respond to your topic post. (If you are a community member and you are reading this response, feel free to jump in if you have the answer!) As a result, the Community Assistance Team has been made aware of this topic and will be investigating and responding as quickly as possible.
Some important considerations that will help your to get your issue solved faster:

  • It is best to use our topic creation template; if you haven’t yet, we recommend posting a followup with the requested information. With that information the team will be able to more quickly search for similar issues with connectors and the platform and troubleshoot more quickly your specific question or problem.
  • Make sure to upload the complete log file; a common investigation roadblock is that sometimes the error for the issue happens well before the problem is surfaced to the user, and so having the tail of the log is less useful than having the whole log to scan through.
  • Be as descriptive and specific as possible; when investigating it is extremely valuable to know what steps were taken to encounter the issue, what version of connector / platform / Java / Python / docker / k8s was used, etc. The more context supplied, the quicker the investigation can start on your topic and the faster we can drive towards an answer.
  • We in the Community Assistance Team are glad you’ve made yourself part of our community, and we’ll do our best to answer your questions and resolve the problems as quickly as possible. Expect to hear from a specific team member as soon as possible.

Thank you for your time and attention.
The Community Assistance Team

Hi @Vanesa, thanks for your patience! Could you check if your GCS bucket path has a trailing /? If it does, delete it. Let me know if this helps!

I’m having exactly the same issue on my cloud deploy. Works on local machine though. And no tailing / in my bucket path. Could it be a bug in this release?

Hey @sneakersgames, have you updated to the latest release? We’ve gone through a significant refactor.