CloudFormation Restore Aurora Postgres From Snapshot Access Denied APIDataApi

1

I'm trying to restore an encrypted Aurora cluster from a snapshot stored in my backup vault. Here is my CloudFormation template that I use to create and then to restore it:

```yaml
Cluster:
  Type: AWS::RDS::DBCluster
  Properties:
    CopyTagsToSnapshot: !If [IsUseDBSnapshot, !Ref "AWS::NoValue",true]
    DBClusterIdentifier: !Join ['-', [!Ref Env, !Ref Project, 'cluster']]
    DBSubnetGroupName: !Ref DBSubnetGroup
    Engine: !Ref Engine
    EngineVersion: !Ref EngineVersion
    KmsKeyId: !Ref KMSKey
    MasterUsername: !If [IsUseDBSnapshot, !Ref "AWS::NoValue",!Ref Username]
    ManageMasterUserPassword: !If [IsUseDBSnapshot, !Ref "AWS::NoValue",true]
    MasterUserSecret:
      KmsKeyId: !If [IsUseDBSnapshot, !Ref "AWS::NoValue",!Ref KMSKey]
    BackupRetentionPeriod: 1
    PreferredBackupWindow: "01:00-04:00"
    PreferredMaintenanceWindow: "sun:04:00-sun:05:00"
    EnableHttpEndpoint: true
    DBClusterParameterGroupName: !Ref RDSDBClusterParameterGroup
    DeletionProtection: true
    SnapshotIdentifier: !If [IsUseDBSnapshot, !Ref DBSnapshotName, !Ref "AWS::NoValue"]
    StorageEncrypted: !If [IsUseDBSnapshot, !Ref "AWS::NoValue", true]
    VpcSecurityGroupIds:
      - !Ref RDSInstanceSG
    StorageType: aurora
    # EnableCloudwatchLogsExports:
    #   - postgresql
    Tags:
      - Key: Name
        Value: !Join ['-', [!Ref Env, !Ref Project, 'cluster']]
      - Key: backup
        Value: daily
  DeletionPolicy: Delete
  UpdateReplacePolicy: Retain

AURORA:
  Type: 'AWS::RDS::DBInstance'
  Properties:
    DBInstanceIdentifier: !Join ['-', [!Ref Env, !Ref Project, 'aurora']]
    AutoMinorVersionUpgrade: false
    Engine: !Ref Engine
    EngineVersion: !Ref EngineVersion
    DBParameterGroupName: !Ref RDSDBParameterGroup
    EnablePerformanceInsights: true
    PerformanceInsightsKMSKeyId: !Ref KMSKey
    PerformanceInsightsRetentionPeriod: !Ref PerformanceInsightsRetentionPeriod
    DBClusterIdentifier: !Ref Cluster
    DBInstanceClass: !Ref DBInstanceClass
    CACertificateIdentifier: !Ref CACertificateIdentifier
    Tags:
      - Key: Name
        Value: !Join ['-', [!Ref Env, !Ref Project, 'aurora']]
      - Key: backup
        Value: daily
  DeletionPolicy: "Snapshot"
  UpdateReplacePolicy: "Snapshot"
```

Every time I run the CloudFormation template, the stack rolls back with the error:

Resource handler returned message: "Access Denied to API Version: APIDataApi (Service: Rds, Status Code: 400, Request ID: ff80cc9f-cd5f-4b0c-bfbb-1cae406a5027)" (RequestToken: 40fbfa19-262d-dde7-7149-dd4668f2c25e, HandlerErrorCode: InvalidRequest)

I tried to trace the request with CloudTrail, but there are no requests with data id. I don't understand what "Access Denied to API Version: APIDataApi" means.

No issues if I manually restore using the AWS RDS Console.

2 Answers
1
Accepted Answer

Hello.

I thought it was related to enabling Aurora Serverless's DataAPI with "EnableHttpEndpoint: true".
Please try commenting out this setting and then restoring it.

EXPERT
answered 3 months ago
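
A pre-deployment check for the setting the accepted answer points to, as an added example that is not part of the thread: it evaluates the template's `Fn::If` expressions for a given condition value and lists the DB clusters that would be restored from a snapshot with `EnableHttpEndpoint` still set to true. The sample template is constructed (the question's cluster reduced to the relevant keys, in JSON form); the `ClusterGated` resource, which gates the setting on the existing `IsUseDBSnapshot` condition, and the function names are assumptions.

```python
import json

# Constructed sample: the question's cluster reduced to the relevant keys, written
# in CloudFormation's JSON syntax so the standard library can parse it.
# "ClusterGated" is a hypothetical variant, not a resource from the thread.
SAMPLE_TEMPLATE = json.loads("""
{"Resources": {
  "Cluster": {"Type": "AWS::RDS::DBCluster", "Properties": {
    "EnableHttpEndpoint": true,
    "SnapshotIdentifier": {"Fn::If": ["IsUseDBSnapshot",
        {"Ref": "DBSnapshotName"}, {"Ref": "AWS::NoValue"}]}}},
  "ClusterGated": {"Type": "AWS::RDS::DBCluster", "Properties": {
    "EnableHttpEndpoint": {"Fn::If": ["IsUseDBSnapshot",
        {"Ref": "AWS::NoValue"}, true]},
    "SnapshotIdentifier": {"Fn::If": ["IsUseDBSnapshot",
        {"Ref": "DBSnapshotName"}, {"Ref": "AWS::NoValue"}]}}},
  "AURORA": {"Type": "AWS::RDS::DBInstance", "Properties": {
    "DBClusterIdentifier": {"Ref": "Cluster"}}}
}}
""")

NO_VALUE = {"Ref": "AWS::NoValue"}

def resolve(value, conditions):
    """Evaluate Fn::If for the given condition values; AWS::NoValue becomes None."""
    if isinstance(value, dict) and "Fn::If" in value:
        name, if_true, if_false = value["Fn::If"]
        return resolve(if_true if conditions[name] else if_false, conditions)
    return None if value == NO_VALUE else value

def data_api_on_restore(template, conditions):
    """Logical IDs of DB clusters restored from a snapshot with the Data API enabled."""
    flagged = []
    for logical_id, resource in template.get("Resources", {}).items():
        if resource.get("Type") != "AWS::RDS::DBCluster":
            continue
        props = resource.get("Properties", {})
        restoring = resolve(props.get("SnapshotIdentifier"), conditions) is not None
        http_endpoint = resolve(props.get("EnableHttpEndpoint"), conditions)
        if restoring and http_endpoint in (True, "true"):
            flagged.append(logical_id)
    return flagged

if __name__ == "__main__":
    for use_snapshot in (True, False):
        conditions = {"IsUseDBSnapshot": use_snapshot}
        print(use_snapshot, data_api_on_restore(SAMPLE_TEMPLATE, conditions))
```
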
1

The error can also appear if the HTTP Data API is not (yet) available in your target-region. Especially for the new serverless v2.

see https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Concepts.Aurora_Fea_Regions_DB-eng.Feature.Data_API.html#Concepts.Aurora_Fea_Regions_DB-eng.Feature.Data_API.apg

answered 3 months ago
