Skip to content
By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

Unable to restore Glacier Deep Archive files

0

Every time I try to initialize the restore of some files in my s3 Deep Archive storage, I get the error "An unexpected error occurred." This error message is not helpful, and it does not provide a pointer on how to proceed. I'd appreciate any help.

Topics
Storage
Tags
AWS Storage GatewayAmazon S3 Glacier
Language
English
asked a year ago228 views
3 Answers
0

I apologize for the frustration you're experiencing with the unhelpful error message. When encountering issues with restoring files from S3 Glacier Deep Archive, there are a few things to consider:

  1. Restore process: Restoring objects from S3 Glacier Deep Archive is an asynchronous process that can take up to 48 hours for bulk retrievals. The standard retrieval option takes up to 12 hours.

  2. Permissions: Ensure that you have the necessary permissions to initiate a restore request for the objects in question. Lack of proper permissions could result in unexpected errors.

  3. Object status: Verify that the objects you're trying to restore are actually in the Glacier Deep Archive storage class. Objects in other storage classes may not require restoration or may have different restoration processes.

  4. Restoration method: The AWS Management Console, AWS CLI, or AWS SDKs are the recommended methods for initiating restore requests for Glacier Deep Archive objects. If you're using a third-party tool like WinSCP, it may not support the required operations for S3 Glacier Deep Archive restoration.

  5. Batch operations: If you're trying to restore multiple objects, consider using S3 Batch Operations to initiate restore requests more efficiently.

  6. Check for service issues: Verify if there are any ongoing AWS service issues that might be affecting S3 Glacier Deep Archive operations.

If the error persists after checking these points, I recommend contacting AWS Support for more detailed assistance. They can provide specific guidance based on your account and configuration.
Sources
WinSCP - Files that is Glacier Deep Archive can be initiated to Restore? | AWS re:Post
Amazon S3 Glacier - AWS Prescriptive Guidance

answered a year ago
0

A simple thing to check is to open the object properties in the S3 console and check (unless you already know) if it's encrypted with the SSE-KMS method. If it is, then the problem could simply be caused by your principal (typically an IAM role or IAM user) not having both the kms:Decrypt and kms:GenerateDataKey permissions to the KMS key that was used when the object was encrypted for storage, or to the KMS key that is specified to be used for the temporary copy created as the output of the restore operation. The issue could also be caused by either of those KMS keys being in the "disabled" state or the KMS key having been deleted entirely.

You can verify the problem by viewing the CloudTrail logs in the region where the bucket exists. You would find an event with the eventName of kms:Decrypt, kms:GenerateDataKey, or both with a non-empty "errorCode" value, if access to one or both the KMS keys was denied or failed due to the key having been disabled or deleted, while you attempted to start the restore operation.

If the SSE-S3 encryption method is used both for the archived object and for the target location where the temporary copy is to be restored, then what I wrote above does not apply and you can disregard it.

EXPERT
answered a year ago
0

It's encrypted with Amazon S3 managed keys (SSE-S3).

answered a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Relevant content