By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

S3 Cross Region Replication Failure

0

Hey, I am trying to execute cross region replication for s3 object for a partticular prefix with KMs Enabled. I am Getting Error (Failure Reason) - SrcGetObjectNotPermitted. I am giving the [s3:GETObjectVersionForReplication ] Action to IAM Role policy that is attached to replication iam role. Can you please help!!

Topics
Storage
Tags
Amazon Simple Storage Service
Language
English
rePost-User-1483838
asked a year ago801 views
2 Answers
0

Most likely the s3:GetObjectVersionForReplication permission may be missing for the source bucket. You can refer the document for more detail. https://docs.aws.amazon.com/AmazonS3/latest/userguide/replication-failure-codes.html

AWS
Sanjay Aggarwal
answered a year ago
0

SrcGetObjectNotPermitted simply means that the IAM role was not allowed to perform a successful GET on the source object. Sometimes, it might be KMS encryption related. You can also check CloudTrail for KMS errors at the time of the replication failure. Decrypt, Encrypt or GenerateDataKey errors might give you some clues into what KMS permissions are required for a successful replication https://docs.aws.amazon.com/AmazonS3/latest/userguide/replication-config-for-kms-objects.html#replication-kms-permissions

profile pictureAWS
Ernest O
answered 9 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content