S3 inventory failed due to an internal error.


[Edited - updated subject]

Hi,

I would like to set up S3 inventory for an S3 bucket; however, it's not working and I'm struggling to understand why.

I have created an S3 inventory configuration as per the "Configuring Amazon S3 inventory" guide on the AWS docs; however, after 48 hours no inventory is produced and the "Last export" field just shows a hyphen (-).

Here are some details about my setup:

  • My source and destination buckets are in the same AWS account.
  • My source and destination buckets are configured with default encryption enabled and they use different SSE-KMS CMK keys.
  • The CMK key for the destination bucket is configured to grant the s3.amazon.com service principal the "kms:GenerateDataKey" action.
  • The destination bucket policy is configured to grant the s3.amazon.com service principal the "s3:PutObject" action. I'm using the "InventoryAndAnalyticsExamplePolicy" example bucket policy from the AWS docs.

After 48 hours, I'm not seeing any output in the destination bucket and I can't find any information about the failure in CloudTrail.

Does anyone have any tips on how best to troubleshoot this?

Kind regards,
Matt

Edited by: asdf750 on Sep 30, 2021 1:32 AM

Edited by: asdf750 on Oct 6, 2021 12:38 AM

asdf750
Asked 2 years ago · 830 views
1 Answer

Got it working in the end - the issue was that my S3 source and destination buckets were encrypted and I had specified the KMS key ID for the source bucket and KMS Key Alias for the destination bucket. I switched to use the KMS Key ARN for both and the inventory began working. I didn't see this limitation specified anywhere in the documents.

I noticed that when I made that change, the inventory folders were created in the destination bucket almost immediately which gave me hope that it would work after I waited another 24 hours to test it.

Another funny thing was that even though the inventory began working, the hyphen is still showing up in the source bucket's inventory configuration's "Last export" field..... This suggested to me that it hasn't completed even though when I checked the destination bucket the inventory report was there..... So always check the destination bucket as you can't really trust that "Last export" field.

Answered 2 years ago
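
A pre-flight check based on the fix reported in the answer above, as an added example that is not part of the original thread: it classifies every KMS key reference the inventory export touches and lists those that are not full key ARNs. The dicts are constructed samples shaped like the boto3 `get_bucket_encryption` and `get_bucket_inventory_configuration` responses; the account ID, key ID, alias and bucket names are placeholders.

```python
import re

# Full KMS key ARN: arn:<partition>:kms:<region>:<account-id>:key/<key-id>
KEY_ARN = re.compile(r"^arn:aws[a-z-]*:kms:[a-z0-9-]+:\d{12}:key/[A-Za-z0-9-]+$")
ALIAS_ARN = re.compile(r"^arn:aws[a-z-]*:kms:[a-z0-9-]+:\d{12}:alias/.+$")

def classify_kms_ref(ref):
    """Return 'key-arn', 'alias-arn', 'alias-name', 'key-id' or 'missing'."""
    if not ref:
        return "missing"
    if KEY_ARN.match(ref):
        return "key-arn"
    if ALIAS_ARN.match(ref):
        return "alias-arn"
    return "alias-name" if ref.startswith("alias/") else "key-id"

def kms_refs(source_enc, dest_enc, inventory_cfg):
    """Collect the KMS key references that the inventory export depends on."""
    refs = {}
    for label, enc in (("source bucket", source_enc), ("destination bucket", dest_enc)):
        for rule in enc.get("ServerSideEncryptionConfiguration", {}).get("Rules", []):
            default = rule.get("ApplyServerSideEncryptionByDefault", {})
            if default.get("SSEAlgorithm", "").startswith("aws:kms"):
                refs[label + " default encryption"] = default.get("KMSMasterKeyID")
    dest = inventory_cfg["InventoryConfiguration"]["Destination"]["S3BucketDestination"]
    ssekms = dest.get("Encryption", {}).get("SSEKMS")
    if ssekms is not None:
        refs["inventory report encryption"] = ssekms.get("KeyId")
    return refs

def non_arn_findings(source_enc, dest_enc, inventory_cfg):
    """Return (location, kind) for each reference that is not a full key ARN."""
    refs = kms_refs(source_enc, dest_enc, inventory_cfg)
    return [(where, classify_kms_ref(ref)) for where, ref in refs.items()
            if classify_kms_ref(ref) != "key-arn"]

# Constructed sample data (placeholder account ID, key ID, alias and bucket names).
KEY_ID = "1234abcd-12ab-34cd-56ef-1234567890ab"
KEY_ARN_SAMPLE = "arn:aws:kms:eu-west-1:111122223333:key/" + KEY_ID

def bucket_enc(ref):
    """Build a constructed default-encryption response for one bucket."""
    rule = {"SSEAlgorithm": "aws:kms", "KMSMasterKeyID": ref}
    return {"ServerSideEncryptionConfiguration": {"Rules": [{"ApplyServerSideEncryptionByDefault": rule}]}}

INVENTORY = {"InventoryConfiguration": {"Id": "example", "Destination": {"S3BucketDestination": {
    "Bucket": "arn:aws:s3:::example-destination", "Format": "CSV",
    "Encryption": {"SSEKMS": {"KeyId": KEY_ARN_SAMPLE}}}}}}

if __name__ == "__main__":
    for where, kind in non_arn_findings(bucket_enc(KEY_ID), bucket_enc("alias/example-dest"), INVENTORY):
        print(f"{where}: KMS key given as {kind}, not as a key ARN")
```
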
