Bamboo Data Center Elastic Agent Fails with Unable to access S3 bucket
Platform Notice: Data Center Only - This article only applies to Atlassian apps on the Data Center platform.
Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Summary
When launching Bamboo Data Center elastic agents, you may encounter failures connecting to the Atlassian S3 bucket. This can occur during both migration to a new AWS region or when setting up new elastic agents.
Diagnosis
You may see the following error in your logs:
2025-08-01 21:52:18,109 ERROR [main] [ElasticAgentInstaller] Unable to access S3 bucket, dumping the route table:
2025-08-01 21:52:18,110 INFO [main] [ElasticAgentInstaller] Starting [route, -n]
Exception in thread "main" java.io.IOException: Cannot run program "route": error=2, No such file or directoryNote: The route: error=2, No such file or directory message is not the root cause of the problem and does not need to be fixed at the image/AMI level in normal setups. Bamboo attempts to run route -n only to dump the routing table for troubleshooting after a network error occurs while accessing the S3 bucket. The underlying issue remains the network path from the agent to the S3 bucket, as described below.
Cause
Bamboo elastic agents are region-specific and will attempt to connect to the S3 bucket in the region where they are launched (e.g., an agent launched in us-east-2 will connect to the us-east-2 S3 bucket).
Each S3 bucket has a policy that restricts access to EC2 address ranges from the bucket’s region and does not allow cross-region transfer.
Atlassian has allowed the IP addresses mentioned in the AWS IP Ranges in the S3 buckets.
If your network setup (e.g., AWS Transit Gateway) routes requests to appear as if they originate from a different region (e.g., us-east-1), access will fail even if the public IP is whitelisted in that region.
This issue can occur whether you are migrating agents to a new region or setting up new agents for the first time.
Solution
Solution 1: Set Up a Private Mirror of Atlassian's Elastic Agents S3 Buckets
Create a private mirror of Atlassian’s Elastic Agents S3 buckets in the target region (e.g., us-east-2).
This approach requires refreshing the mirror during Bamboo upgrades.
For detailed steps, see: How to setup a private mirror of Atlassian's Elastic Agents S3 Buckets for Bamboo Data Center | Bamboo | Atlassian Support
Solution 2: Use a VPC Gateway Endpoint for S3
Fix the networking by configuring a Gateway endpoints for Amazon S3 - Amazon Virtual Private Cloud in the same region as your agents.
This will ensure S3 traffic is routed directly within the region, bypassing the transit gateway and avoiding cross-region access issues.
References
Was this helpful?