IBM Cloud Docs
Why do I see wrong credentials or access denied messages when I create a PVC?

Virtual Private Cloud Classic infrastructure

This troubleshooting topic applies only to Red Hat OpenShift clusters that run version 3.11.

When you create the PVC, you see an error message similar to one of the following:

SignatureDoesNotMatch: The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. For more information, see REST Authentication and SOAP Authentication for details.
AccessDenied: Access Denied status code: 403
CredentialsEndpointError: failed to load credentials
InvalidAccessKeyId: The AWS Access Key ID you provided does not exist in our records
can't access bucket <bucket_name>: Forbidden: Forbidden

The IBM Cloud Object Storage service credentials that you use to access the service instance might be wrong, or allow only read access to your bucket.

Create a new secret.

  1. In the navigation on the service details page, click Service Credentials.
  2. Find your credentials, then click View credentials.
  3. In the iam_role_crn section, verify that you have the Writer or Manager role. If you don't have the correct role, you must create new IBM Cloud Object Storage service credentials with the correct permission.
  4. If the role is correct, verify that you use the correct access_key_id and secret_access_key in your Kubernetes secret.
  5. Create a new secret with the updated access_key_id and secret_access_key.
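
Steps 3 and 4 can be scripted against the credentials JSON and the secret exported as JSON. The following is an added example, not IBM's code. It assumes the secret stores the keys base64-encoded under data fields named access-key and secret-key and that the role name is the last segment of iam_role_crn; all sample values are constructed.

```python
import base64
import hmac
import json

ALLOWED_ROLES = {"Writer", "Manager"}
# Assumed secret field -> credential field mapping (field names not on the page).
FIELDS = [("access-key", "access_key_id"), ("secret-key", "secret_access_key")]

def b64(text):
    return base64.b64encode(text.encode()).decode()

# Constructed sample in the shape of the "View credentials" JSON.
SAMPLE_CREDENTIALS = json.loads("""{
  "cos_hmac_keys": {"access_key_id": "EXAMPLE-ACCESS-KEY-ID",
                    "secret_access_key": "example-secret-access-key"},
  "iam_role_crn": "crn:v1:bluemix:public:iam::::serviceRole:Reader"
}""")
# Constructed secret: secret-key was encoded with a trailing newline.
SAMPLE_SECRET = {"data": {"access-key": b64("EXAMPLE-ACCESS-KEY-ID"),
                          "secret-key": b64("example-secret-access-key\n")}}

def check(credentials, secret):
    """Return findings (field names only, never key material); empty means consistent."""
    findings = []
    role = credentials.get("iam_role_crn", "").rsplit(":", 1)[-1]
    if role not in ALLOWED_ROLES:
        findings.append(f"role {role!r} is not Writer or Manager")
    hmac_keys = credentials.get("cos_hmac_keys", {})
    for secret_field, cred_field in FIELDS:
        expected = hmac_keys.get(cred_field)
        if not expected:
            findings.append(f"credentials have no {cred_field}")
            continue
        raw = secret.get("data", {}).get(secret_field, "")
        try:
            stored = base64.b64decode(raw, validate=True).decode()
        except ValueError:  # covers binascii.Error and UnicodeDecodeError
            findings.append(f"{secret_field} is not valid base64 text")
            continue
        if hmac.compare_digest(stored.encode(), expected.encode()):
            continue
        if stored.strip() == expected:
            findings.append(f"{secret_field} has stray whitespace or a newline")
        else:
            findings.append(f"{secret_field} does not match {cred_field}")
    return findings

if __name__ == "__main__":
    print("\n".join(check(SAMPLE_CREDENTIALS, SAMPLE_SECRET)) or "ok")
```

Any finding means the secret must be re-created as in step 5; a role finding means new service credentials are needed first, as in step 3.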