Skip to content

Fix opaque S3 error messages for AWS permission issues #604

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 2 commits into
base: main
Choose a base branch
from
Draft

Fix opaque S3 error messages for AWS permission issues #604

wants to merge 2 commits into from

Conversation

Copy link

Copilot AI commented Sep 29, 2025
edited
Loading

Problem

When AWS S3 permissions are missing (e.g., s3:HeadBucket), Preevy fails with an unhelpful "403: UnknownError" message that provides no indication the problem is S3-related or which specific AWS permission is missing. This makes it difficult for users to diagnose and resolve permission issues.

Solution

Enhanced error handling in the S3 filesystem implementation (packages/driver-lightsail/src/fs/index.ts) to provide clear, actionable error messages that:

  1. Identify S3 as the source - Users immediately know the error is S3-related
  2. Specify the failed operation - Shows exactly which S3 API call failed (HeadBucket, GetObject, PutObject, DeleteObject)
  3. Provide location context - Includes the S3 bucket/key for debugging
  4. Give actionable guidance - For 403 errors, specifically mentions checking AWS permissions
  5. Preserve debug info - Maintains original error details for technical troubleshooting

Before vs After

Before (opaque):

403: UnknownError

After (clear and actionable):

Access denied when trying to check bucket permissions (HeadBucket) on Preevy profile S3 bucket. Please check your AWS permissions for the check bucket permissions (HeadBucket) operation.
Location: s3://preevy-123456789-myprofile
S3 Operation: check bucket permissions (HeadBucket)
HTTP Status: 403
AWS Error: AccessDenied
Details: Access Denied

Implementation

  • Added createS3Error() helper function to wrap S3 operations with contextual error messages
  • Enhanced ensureBucketExists() to provide specific context for HeadBucket/CreateBucket failures
  • Improved error handling in all S3 filesystem operations (read, write, delete)
  • Preserved original error information for debugging while making messages user-friendly

Testing

  • All builds and lints pass successfully
  • Changes are minimal and surgical, affecting only error messaging
  • Maintains backward compatibility and preserves all original error information
  • No functional behavior changes, only improved error reporting

This fix directly addresses the issue where users with missing S3 permissions (like the reported s3:HeadBucket case) now get clear guidance on which AWS permissions need to be configured.

Original prompt

This section details on the original issue you should resolve

<issue_title>[Bug]: Incorrect AWS S3 permissions causes opaque error</issue_title>
<issue_description>### What happened?

Preevy failed with "403: UnknownError" with no indication the problem was related to AWS/S3.

Add screenshots

image

Steps to reproduce the behavior

Use an AWS role that is missing required permissions.

Expected behavior

The error message should mention the problem happened when trying to access a preevy profile on S3, and should specifically say which S3 API failed.

In my case the role did have access to s3.GetObject, but was missing s3.HeadBucket.

What OS are you seeing the problem on?

Linux

Additional context

No response

Record

  • I agree to follow this project's Code of Conduct</issue_description>

Comments on the Issue (you are @copilot in this section)

Fixes #458

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

Copilot AI changed the title [WIP] [Bug]: Incorrect AWS S3 permissions causes opaque error Fix opaque S3 error messages for AWS permission issues Sep 29, 2025
Copilot AI requested a review from Yshayy September 29, 2025 06:08
Copilot finished work on behalf of Yshayy September 29, 2025 06:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Yshayy Yshayy Awaiting requested review from Yshayy

At least 1 approving review is required to merge this pull request.

Assignees

@Yshayy Yshayy

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[Bug]: Incorrect AWS S3 permissions causes opaque error

2 participants

@Yshayy