We are using the AWSBackupDefaultServiceRole with the following attached AWS managed policies:
- AWSBackupServiceRolePolicyForBackup
- AWSBackupServiceRolePolicyForRestores
- AWSBackupServiceRolePolicyForS3Backup
- AWSBackupServiceRolePolicyForS3Restore
However, we are still getting a failed backup job with an access denied error.
I upload my backups to my S3 bucket regularly and it works just fine. I think you need the s3:PutObject permission. I also have other ones, like s3:PutObjectAcl, but I'm not sure you need that. You might want s3:GetObject permissions, too, if you want to download it or read it. Let me know how it goes.
Did you follow this document for creating the roles? https://docs.aws.amazon.com/aws-backup/latest/devguide/iam-service-roles.html
Thanks for your reply, Sir. I believe the AWSBackupDefaultServiceRole is automatically created when we make a backup plan and choose the default role.
If my answer helped you, please accept the answer or upvote it. It will help others that way, too. Thanks.
There is a way to generate a policy based on CloudTrail logs. That might help you. See this article. Hope it helps. https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-policy-generation.html
My posted concern here is now resolved. I updated the bucket policy and added a statement with the following condition:
Condition: ArnLike
Key: aws:SourceArn
Value: arn:aws:iam::<Account Number>:role/service-role/AWSBackupDefaultServiceRole
Our backup job is now running.
If this answer helped you, please accept my answer or upvote it. It will help others know it worked that way.
Hi, thank you for your reply. We don't have an issue reading and writing files/objects to S3 from our application. The problem is, we intend to create a regular backup job for that particular bucket using AWS Backup Service; however, the AWS Backup Service job fails, getting access denied due to the S3 bucket policy. We tried to follow this documentation and add the RoleID of the default backup role, but to no avail: https://aws.amazon.com/blogs/security/how-to-restrict-amazon-s3-bucket-access-to-a-specific-iam-role/