Skip to content
By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

IAM role ARN value is invalid or does not include the required permissions for: S3_SNAPSHOT_INGESTION

0

We are trying to restore an RDS MySQL database from a backfile on an S3 instance. However, our request to create DB Instance fails with the following error message: "IAM role ARN value is invalid or does not include the required permissions for: S3_SNAPSHOT_INGESTION"

Any help would be greatly appreciated.

Thanks!

  • Oleksii Bebych EXPERT
    2 years ago

    Please accept the answer if it was useful for you

Topics
AnalyticsMigration & ModernizationSecurity, Identity, & ComplianceDatabase
Tags
MySQLAWS Database Migration ServiceAmazon Relational Database ServiceIAM Policies
Language
English
asked 2 years ago2.2K views
2 Answers
2

If you need an IAM role to import your database from Amazon S3, create a role to delegate permissions from Amazon RDS to your Amazon S3 bucket.

check this

https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/MySQL.Procedural.Importing.html#MySQL.Procedural.Importing.Enabling.IAM

https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/MySQL.Procedural.Importing.html#MySQL.Procedural.Importing.PerformingImport

EXPERT
answered 2 years ago
EXPERT
reviewed 2 years ago
EXPERT
reviewed 2 years ago
  • Dan Temple
    2 years ago

    I am also seeing the error message IAM role ARN value is invalid or does not include the required permissions for: S3_SNAPSHOT_INGESTION.

    I have ensured that the Role ARN provided does have:

    s3:ListBucket s3:GetBucketLocation s3:GetObject

    permissions on the correct bucket. (It is the same role ID that was used to export the snapshot), as mentioned in the first article linked above, and also the kms:Decrypt. What other permissions might be required? Is a more specific error message available in logs somewhere?

    EDIT: Same error message is seen even if choosing the Create a New Role option.

0

The error message you're encountering suggests that the IAM role associated with your RDS instance does not have the necessary permissions to access the S3 bucket containing the database snapshot. To resolve this issue, you need to update the IAM role's policy to include the required permissions for S3 snapshot ingestion.

answered 2 years ago
EXPERT
reviewed 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Relevant content