By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

datasync transfer and verification errors to S3 fails with verification failed to S3 Put Object

0

I am seeing an error that the execution failed with "Complete errorLogs with verification error, Tranfer and verification completed. verification detected mismatches. Files with mismatched are listed in cloudwatch Logs" Furtherchecking the cloudwatch logs we do see the following error.

"[ERROR] Deferred error: s0:c58 close (""s3://test//yesh/test.txt""): 40978 (s3 Put Object Failed)"

Any input on this error?

Topics
StorageMigration & Modernization
Tags
Amazon Simple Storage ServiceAWS DataSync
Language
English
yeshwanth
asked a year ago1839 views
1 Answer
2
Accepted Answer

This error occurs because the destination S3 bucket is encrypted with customer managed KMS keys and the IAM role and KMS policy do not have sufficient permissions to perform the Put object action. Though some customers added limited KMS keys it still fails as "kms:GenerateDataKey" is not present on both IAM role policy and KMS policy.

Resolution

Check the following:

  • Check whether the S3 bucket is encryption enabled and the type of KMS.

  • Make sure the IAM role policy and KMS key policy with this role has the following minimum permissions: "kms:Encrypt", "kms:Decrypt", "kms:ReEncrypt*", "kms:DescribeKey", "kms:GetPublicKey", "kms:ReEncrypt*", "kms:GenerateDataKey",

  • Make sure the IAM role Trust policy is as per the Example 1: in this documentation: https://docs.aws.amazon.com/datasync/latest/userguide/using-identity-based-policies.html

AWS
Madhuri_D
answered a year ago
profile picture
EXPERT
Antonio_Lagrotteria
reviewed a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content