Access denied when backing up from Installatron to S3 bucket

0

I have two sites hosted on GoDaddy and I'm using Installatron to back up to an S3 bucket. When I run the job, it fails, and the logs show an "Access Denied" error. I created a user and created a Permission Policy for access to the S3 bucket. The permissions in the policy are GetObject, DeleteObject, PutObject and ListBucket. I've used a similar policy for backing up from Veeam to S3 and didn't have any issues. I'm not sure what else to try; any advice would be appreciated. Thanks.

2 Answers
0
Accepted Answer

Hi,

I'd suggest you consider enabling the data events of the S3 bucket on CloudTrail; you can enable them by following this documentation [1]. The default setting for CloudTrail is to find only management events. Data events include PutObject, GetObject, etc. Reviewing the S3 data events on CloudTrail might assist you in identifying the root cause.

Additionally, double-check the Bucket Policy, and IAM permissions of the job.

Also, if you have S3 endpoints in the VPC, ensure that the endpoint policy/security groups allow the necessary actions.

[1] https://docs.aws.amazon.com/AmazonS3/latest/userguide/enable-cloudtrail-logging-for-s3.html

AWS
answered 7 days ago
AWS EXPERT
reviewed 5 days ago
  • Hi, Thanks, I was able to see what the problem was and got it working!

0

The "Access Denied" error you're encountering when trying to back up from Installatron to your S3 bucket suggests that there might be issues with your permissions configuration. While you've created a user and a permission policy, there are a few additional areas you should check:

  1. Bucket Policy: Ensure that your S3 bucket policy allows the necessary actions for the IAM user you've created. Sometimes, an explicit deny in the bucket policy can override IAM user permissions.

  2. Block Public Access settings: Check if the S3 Block Public Access settings are enabled at the bucket or account level. These settings can sometimes interfere with legitimate access attempts.

  3. IAM User Credentials: Verify that you're using the correct access key ID and secret access key for the IAM user in your Installatron configuration.

  4. Bucket Ownership: Make sure the AWS account you're using owns the S3 bucket you're trying to access.

  5. Encryption Settings: If your S3 bucket uses encryption, ensure that the IAM user has permissions to use the encryption key.

  6. Cross-account access: If the IAM user and the S3 bucket are in different AWS accounts, you'll need to set up cross-account access permissions.

  7. Specific Permissions: Double-check that your policy includes all necessary permissions. For backups, you might also need s3:PutObjectAcl in addition to the permissions you've listed.

If you've verified all these points and are still encountering issues, you may want to temporarily enable S3 access logging or review CloudTrail logs (if enabled) to get more detailed information about the access denied errors. This can help pinpoint the exact reason for the permission denial.

If the problem persists, you might need to reach out to AWS Support for more detailed, account-specific guidance.
Sources
Troubleshoot access denied (403 Forbidden) errors in Amazon S3 - Amazon Simple Storage Service
Unable to post data to s3, getting forbidden error | AWS re:Post
Troubleshoot 403 Access Denied error in Amazon S3 | AWS re:Post

answered 7 days ago
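
Both answers point to reviewing CloudTrail S3 data events to find the denied call. The following is an added example, not code from either answer or from AWS: it scans one CloudTrail log file for S3 calls that failed with `AccessDenied` and groups them by caller, API call and bucket. The log records, user ARN, bucket name and keys are constructed placeholders.

```python
import json
from collections import Counter

# Constructed sample in the {"Records": [...]} shape CloudTrail writes to its log files.
# The account ID, user name, bucket and keys are placeholders, not values from the post.
USER = "arn:aws:iam::111122223333:user/backup-user"
SAMPLE_LOG = json.dumps({"Records": [
    {"eventSource": "s3.amazonaws.com", "eventName": "PutObject",
     "errorCode": "AccessDenied", "errorMessage": "Access Denied",
     "userIdentity": {"type": "IAMUser", "arn": USER},
     "requestParameters": {"bucketName": "example-backup-bucket", "key": "site1/backup.tar.gz"}},
    {"eventSource": "s3.amazonaws.com", "eventName": "PutObject",
     "errorCode": "AccessDenied", "errorMessage": "Access Denied",
     "userIdentity": {"type": "IAMUser", "arn": USER},
     "requestParameters": {"bucketName": "example-backup-bucket", "key": "site2/backup.tar.gz"}},
    # Successful call: no errorCode field, so it must not be reported.
    {"eventSource": "s3.amazonaws.com", "eventName": "GetObject",
     "userIdentity": {"type": "IAMUser", "arn": USER},
     "requestParameters": {"bucketName": "example-backup-bucket", "key": "site1/index.json"}},
    # Denied call to another service: out of scope for an S3 backup failure.
    {"eventSource": "iam.amazonaws.com", "eventName": "ListUsers",
     "errorCode": "AccessDenied", "userIdentity": {"type": "IAMUser", "arn": USER},
     "requestParameters": None},
]})


def denied_s3_calls(log_text):
    """Return one dict per S3 call in the log file that failed with AccessDenied."""
    hits = []
    for rec in json.loads(log_text).get("Records", []):
        if rec.get("eventSource") != "s3.amazonaws.com":
            continue
        if rec.get("errorCode") != "AccessDenied":
            continue
        params = rec.get("requestParameters") or {}  # can be null in some records
        hits.append({
            "principal": (rec.get("userIdentity") or {}).get("arn", "unknown"),
            "api_call": rec.get("eventName", "unknown"),
            "bucket": params.get("bucketName", "unknown"),
            "key": params.get("key"),  # None for bucket-level calls
        })
    return hits


def summarize(log_text):
    """Count denied S3 calls per (principal, API call, bucket)."""
    return Counter((h["principal"], h["api_call"], h["bucket"])
                   for h in denied_s3_calls(log_text))


if __name__ == "__main__":
    for (principal, call, bucket), n in summarize(SAMPLE_LOG).items():
        print(f"{n}x {call} on {bucket} denied for {principal}")
```

The caller ARN and API call in each hit tell you which identity and which permission to check against the IAM policy and the bucket policy.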
