If it is so simple as a authorization challenge, try out setting the CA pem file to a little something a lot less restrictive like so:When you've got proxy extra on your ec2 equipment and it is actually in non-public subnet with a S3 vpc-endpoint attached. I was getting the same error.flag. However this can be a bad strategy, I applied this as A br