Issue
When attempting to create an on-demand backup using AWS Backup Audit Manager Reports, I receive the following error, regardless of how permissive I make the permissions on the bucket and the bucket policy.
Can't access the S3 bucket backup-report-temporary for job 984C78DC-E74E-AFF9-77AA-4AD9CDF933CB. Make sure bucket exists and bucket policy is valid and try again.
Steps taken to troubleshoot
- Copied and pasted the recommended configuration from the 'Create report plan' workflow in AWS Backup to the target S3 bucket
- Created multiple buckets in multiple regions
- Created multiple report plans in multiple regions
- Modified the recommended configuration from the 'Create report plan' workflow to be more permissive. (Resource wildcards, action wildcards, removing StringEquals condition check)
- Enabled CloudTrail object level logging and did not see PutObject attempts to the bucket under observation
I had this working previously, but it appears that the behavior of the user interface changed in the past few days as well. Previously, when I would enter a bucket prefix, the suggested bucket policy would change to account for the prefix. It is no longer doing that. There may have been a deployment that broke this feature.