Ao usar o AWS re:Post, você concorda com os AWS re:Post Termos de uso
AWS re:Postre:Post

Some AWS Backup S3 Restores Fail with "Access denied to KMS Key"

0

Hello,

We are having an issue with AWS backup where some bucket restores are failing with the message "Access denied to KMS Key" . We have tried both restoring with default settings and with SSE-S3 encryption. Looking at cloudtrail, we don't see any failures of decryption. The default backup role has the AWSBackupServiceRolePolicyForS3Backup and AWSBackupServiceRolePolicyForS3Restore. What is odd is that one bucket worked. Also, in our restore testing from a month ago, they all worked. We are unable to figure out what key it is trying to access and why it is being denied.

Thank you!

Tópicos
Segurança, identidade e conformidadeArmazenamento
Tags
AWS Key Management ServiceAWS Backup
Idioma
English
stjustin
feita há 3 meses126 visualizações
1 Resposta
0

Hello,

I have determined the issue. The issue is that some of the objects in the bucket had public access granted via ACLs. In the testing we did and the AWS Backup restore testing, the buckets were set with "Bucket and objects not public" ... When it hit an object that needed to set a public ACL, it failed. This error message is obviously not correct. However, setting up a bucket that does not have public access blocked and then performing a restore results in the restore working. Clearly, that is the issue, the messaging is just wrong.

Thanks!

stjustin
respondido há 3 meses
profile picture
ESPECIALISTA
Giovanni Lauria
avaliado há um mês

Você não está conectado. Fazer login para postar uma resposta.

Uma boa resposta responde claramente à pergunta, dá feedback construtivo e incentiva o crescimento profissional de quem perguntou.

Diretrizes para responder a perguntas

Conteúdo relevante