- 최신
- 최다 투표
- 가장 많은 댓글
| This error can arise if the proper IAM policies and roles are not set on the Ec2 instance where VSS backups needs to be taken. You need to attach the below policy while creating a role for VSS in IAM. |
|---|
| { |
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "ec2:CreateTags",
"Resource": [
"arn:aws:ec2:*::snapshot/*",
"arn:aws:ec2:*::image/*"
]
},
{
"Effect": "Allow",
"Action": [
"ec2:DescribeInstances",
"ec2:CreateSnapshot",
"ec2:CreateImage",
"ec2:DescribeImages"
],
"Resource": "*"
}
]
}
To create IAM role refer to article -> https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create.html
To Attach an instance profile to an existing instance refer to article -> https://docs.amazonaws.cn/en_us/systems-manager/latest/userguide/setup-launch-managed-instance.html
Once the role is created and instance profile is attached to the EC2 instance then the above error should not be encountered.
This error can also happen if 'tag:GetResources', 'ec2:CreateTags', 'ssm:DescribePatchBaselines', 'ec2messages:SendReply’ , ‘ds:CreateComputer', 'ec2:DescribeImagescloudwatch:PutMetricData', 'ds:DescribeDirectories’,’ssm:DescribeEffectivePatchesForPatchBaseline', 'ssm:GetPatchBaseline' are missing from the IAM policy.
For more details on the same refer to article -> https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/application-consistent-snapshots-getting-started.html#run-command-vss-role
FYI, the formatting of the JSON on the page is bad. It should be..
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "ec2:CreateTags",
"Resource": [
"arn:aws:ec2:*::snapshot/*",
"arn:aws:ec2:*::image/*"
]
},
{
"Effect": "Allow",
"Action": [
"ec2:DescribeInstances",
"ec2:CreateSnapshot",
"ec2:CreateImage",
"ec2:DescribeImages"
],
"Resource": "*"
}
]
}
관련 콘텐츠
AWS 공식업데이트됨 10달 전- AWS 공식업데이트됨 10달 전
- AWS 공식업데이트됨 5달 전
