-
Titre
Unable to backup to S3 with restricted privileges -
Description
During backup to S3 the Access Denied raise. Because of restricted environment it is not possible to grant read/write access to whole bucket, but only to subfolders.
BACKUP LOG is terminating abnormally. A nonrecoverable I/O error occurred on file "VDI_25FFD3F3-59F0-4646-92DA-827DF755692A_0:" 995(The I/O operation has been aborted because of either a thread exit or an application request.). Write on "VDI_25FFD3F3-59F0-4646-92DA-827DF755692A_0" failed: 1223(The operation was cancelled by the user.) AmazonServiceException: Access Denied [SQLSTATE 42000] (Error 61700). The step failed.
-
Cause
Insufficient privileges on AWS S3 location. -
Résolution
We have this sample policy file below. Though it’s in two different “Effect” sections (one section for overall bucket and one just for the relevant subfolders),
Add to S3 ACLs lines highlighted by ---> <---)
EXAMPLE POLICY:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
---> "s3:GetBucketLocation" <---
],
"Resource": "arn:aws:s3:::mybucket"
},
{
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:Get*",
---> "s3:DeleteObject" <---
],
"Resource": [
"arn:aws:s3:::mybucket/folder/*"
For mpre specific and complete examples of IAM policy files, depending on what version of LiteSpeed you are using, refer to the KB article 255392 at this URL:
https://support.quest.com/litespeed-for-sql-server/kb/255392/amazon-s3-backup-restore-and-permissions-for-litespeed