How do I troubleshoot problems with Amazon Data Lifecycle Manager?

My Amazon Data Lifecycle Manager policy is in an error state, or doesn't act as expected with snapshots.

Resolution

Note: If you receive errors when you run AWS Command Line Interface (AWS CLI) commands, then see Troubleshooting errors for the AWS CLI. Also, make sure that you're using the most recent AWS CLI version.

Lifecycle policy isn't turned on

If snapshots aren't created, then complete the following steps to verify that the lifecycle policy is turned on:

  1. Open the Amazon Elastic Compute Cloud (Amazon EC2) console.
  2. Choose Lifecycle Manager, and then verify that the policy State is set to ENABLED.
  3. If the policy isn't set to ENABLED, choose Actions, and then choose Modify Snapshot Lifecycle Policy.
    Note: If the policy state is ERROR, then see DLM policy is in the ERROR state.
  4. Choose Enable policy, and then choose Update policy.

Note: After you create a lifecycle policy, it takes up to an hour to create snapshots. After at least an hour has passed, open the Amazon EC2 console. Then, choose Snapshots to verify that snapshots are created.

Insufficient permissions on AWS KMS keys

If the copied snapshot is encrypted, then you must have access to the source and destination AWS Key Management Service (AWS KMS) key. For more information, see Determining access to AWS KMS keys.

The lifecycle policy is in an error state

Your lifecycle policy might be in the error state because of one or more of the following issues:

  • There's a problem with your resource tags.
  • The Amazon Data Lifecycle Manager permissions are incorrect.
  • The Identity and Access Management (IAM) permissions are incorrect.

If you use a custom IAM role, then check whether a trust relationship is attached to the role.

To see more information about what caused the error state, check the Amazon CloudWatch Events.

Duplicate tag key exists

If there are duplicate tags in your lifecycle policy, then you see an AWS CloudTrail Event similar to the following example:

CreateSnapshot @2018-12-24T20:25:58.000Z UTC
    "errorCode": "Client.InvalidParameterValue",
    "errorMessage": "Duplicate tag key 'Name' specified.",
    "requestParameters": {
        "volumeId": "vol-############",
        "description": "Created for policy: policy-####schedule: First Schedule",

In the preceding example, the tag key Name is duplicated in the policy.

To resolve a Duplicate tag key error, complete the following steps:

  1. Open the Amazon EC2 console.
  2. Choose Lifecycle Manager.
  3. Select your lifecycle policy.
  4. Choose Actions, and then choose Modify Lifecycle Policy.
  5. In the Tag created EBS snapshots section, change the Key on the duplicated tag to a unique name.
  6. Choose Update policy.

Tag is already defined in resource id vol-############

If a tag that's defined in your lifecycle policy is already in use in a different lifecycle policy, then you might receive an error. You receive an error when both of the following conditions are also true:

  • The lifecycle policy is in the same account.
  • The lifecycle policy is for the same resource.

When the tag is already defined, you see an AWS CloudTrail Event similar to the following example:

CreateSnapshots
    "eventVersion": "1.05",
    "userIdentity": {
        "type": "AssumedRole",
    "eventTime": "2020-01-########",
    "eventSource": "ec2.amazonaws.com",
    "eventName": "CreateSnapshots",
    "awsRegion": "us-east-1",
    "sourceIPAddress": "dlm.amazonaws.com",
    "userAgent": "dlm.amazonaws.com",
    "errorCode": "Client.InvalidParameterCombination",
    "errorMessage": "Tag (Name) is already defined in resource id vol-########.",
    "requestParameters": {
        "CreateSnapshotsRequest": {
            "Description": "Created for policy: policy-#######schedule: Default Schedule",
            "InstanceSpecification": {
                "ExcludeBootVolume": false,
                "InstanceId": "i-#######"
            },

A volume or instance can have more than one policy associated with it, but tags can't be duplicated across policies. For more information, see Considerations for snapshot lifecycle policies.

To resolve the error, complete the following steps:

  1. View your lifecycle policies to determine the duplicated tag.
  2. Create a new lifecycle policy with a different tag, or edit your current lifecycle policy to use a different tag.

Client.AuthFailure error occurs due to incorrect permissions

The Client.AuthFailure error might occur when the custom lifecycle policy or the IAM user doesn't have permissions set correctly. The following is an example of a Client.AuthFailure error caused by an inaccessible key:

"Client.AuthFailure", "errorMessage": "The specified keyId arn:aws:kms:us-west-1:#############:key/4ad6a1d7-53ac-45a3-8f08-e6eccc948fdd is not accessible",

For instructions on how to set permissions for Amazon Data Lifecycle Manager, see AWS managed policies for Amazon Data Lifecycle Manager.

For instructions on how to set permissions for IAM users to use Amazon Data Lifecycle Manager, see Control access to Amazon Data Lifecycle Manager using IAM.
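The three CloudTrail error patterns shown in this article can be triaged in bulk. The following is an added example, not AWS's own code: it filters JSON-encoded CloudTrail records for failed snapshot calls made by Amazon Data Lifecycle Manager and maps each one to the matching cause. It assumes DLM calls carry the `dlm.amazonaws.com` user agent as in the second excerpt above, includes `CopySnapshot` as an assumption for copy failures, and uses constructed sample records with placeholder IDs.

```python
import json

DLM_AGENT = "dlm.amazonaws.com"  # userAgent on DLM-made calls, as in the excerpt above
# CopySnapshot is included as an assumption, to catch failures on copied snapshots.
SNAPSHOT_CALLS = {"CreateSnapshot", "CreateSnapshots", "CopySnapshot"}

# (errorCode, errorMessage fragment, cause as named in this article)
RULES = [
    ("Client.InvalidParameterValue", "Duplicate tag key", "duplicate tag key"),
    ("Client.InvalidParameterCombination", "is already defined in resource id", "tag already defined"),
    ("Client.AuthFailure", "is not accessible", "KMS key not accessible"),
]

def classify(event):
    """Return the failure cause for a DLM snapshot call, or None if it is not a DLM failure."""
    if event.get("userAgent") != DLM_AGENT or event.get("eventName") not in SNAPSHOT_CALLS:
        return None
    code = event.get("errorCode")
    if not code:
        return None  # the call succeeded
    message = event.get("errorMessage") or ""
    for rule_code, fragment, cause in RULES:
        if code == rule_code and fragment in message:
            return cause
    return "unclassified: " + code

def triage(lines):
    """Count failure causes over an iterable of JSON-encoded CloudTrail records."""
    counts = {}
    for line in lines:
        cause = classify(json.loads(line))
        if cause:
            counts[cause] = counts.get(cause, 0) + 1
    return counts

def _record(name, code=None, message=None, agent=DLM_AGENT):
    """Build one constructed CloudTrail-style record as a JSON string."""
    rec = {"eventSource": "ec2.amazonaws.com", "eventName": name, "userAgent": agent}
    if code:
        rec.update(errorCode=code, errorMessage=message)
    return json.dumps(rec)

# Constructed sample records; IDs are placeholders.
SAMPLE = [
    _record("CreateSnapshot", "Client.InvalidParameterValue", "Duplicate tag key 'Name' specified."),
    _record("CreateSnapshots", "Client.InvalidParameterCombination", "Tag (Name) is already defined in resource id vol-EXAMPLE."),
    _record("CopySnapshot", "Client.AuthFailure", "The specified keyId arn:aws:kms:us-west-1:111122223333:key/EXAMPLE is not accessible"),
    _record("CreateSnapshot"),  # successful DLM call, ignored
    _record("CreateSnapshot", "Client.AuthFailure", "key is not accessible", agent="aws-cli/2"),  # not DLM, ignored
    _record("CreateSnapshots", "Client.RequestLimitExceeded", "Request limit exceeded."),
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```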

Related information

Amazon Data Lifecycle Manager API reference

dlm

AWS OFFICIAL Updated a month ago