- 新しい順
- 投票が多い順
- コメントが多い順
| This error can arise if the proper IAM policies and roles are not set on the Ec2 instance where VSS backups needs to be taken. You need to attach the below policy while creating a role for VSS in IAM. |
|---|
| { |
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "ec2:CreateTags",
"Resource": [
"arn:aws:ec2:*::snapshot/*",
"arn:aws:ec2:*::image/*"
]
},
{
"Effect": "Allow",
"Action": [
"ec2:DescribeInstances",
"ec2:CreateSnapshot",
"ec2:CreateImage",
"ec2:DescribeImages"
],
"Resource": "*"
}
]
}
To create IAM role refer to article -> https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create.html
To Attach an instance profile to an existing instance refer to article -> https://docs.amazonaws.cn/en_us/systems-manager/latest/userguide/setup-launch-managed-instance.html
Once the role is created and instance profile is attached to the EC2 instance then the above error should not be encountered.
This error can also happen if 'tag:GetResources', 'ec2:CreateTags', 'ssm:DescribePatchBaselines', 'ec2messages:SendReply’ , ‘ds:CreateComputer', 'ec2:DescribeImagescloudwatch:PutMetricData', 'ds:DescribeDirectories’,’ssm:DescribeEffectivePatchesForPatchBaseline', 'ssm:GetPatchBaseline' are missing from the IAM policy.
For more details on the same refer to article -> https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/application-consistent-snapshots-getting-started.html#run-command-vss-role
FYI, the formatting of the JSON on the page is bad. It should be..
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "ec2:CreateTags",
"Resource": [
"arn:aws:ec2:*::snapshot/*",
"arn:aws:ec2:*::image/*"
]
},
{
"Effect": "Allow",
"Action": [
"ec2:DescribeInstances",
"ec2:CreateSnapshot",
"ec2:CreateImage",
"ec2:DescribeImages"
],
"Resource": "*"
}
]
}
関連するコンテンツ
- 質問済み 6年前
AWS公式更新しました 10ヶ月前- AWS公式更新しました 10ヶ月前
- AWS公式更新しました 5ヶ月前
- AWS公式更新しました 1年前
