By using AWS re:Post, you agree to the Terms of Use
AWS re:Postre:Post

S3 inventory failed due to an internal error.

0

[Edited - updated subject]

Hi,

I would like to set up S3 inventory for an S3 bucket however it's not working and I'm struggling to understand why.

I have created an s3 inventory configuration as per the "Configuring Amazon S3 inventory" guide on the AWS docs however after 48 hours no inventory is produced and the "Last export" field just shows a hyphen (-).

Here are some details about my set up:

  • My source and destination buckets are in the same AWS account.
  • My source and destination buckets are configured with default encryption enabled and they use different SSE-KMS CMK keys.
  • The CMK key for the destination bucket is configured to grant the s3.amazon.com service principal the "kms:GenerateDataKey" action.
  • The destination bucket policy is configured to grant the s3.amazon.com service principal the "s3:PutObject" action. I'm using the "InventoryAndAnalyticsExamplePolicy" example bucket policy from the AWS docs.

After 48 hours, I'm not seeing any output in the destination bucket and I can't find any information about the failure in CloudTrail.

Does anyone have any tips on how best to troubleshoot this?

Kind regards,
Matt

Edited by: asdf750 on Sep 30, 2021 1:32 AM

Edited by: asdf750 on Oct 6, 2021 12:38 AM

Topics
Storage
Tags
Amazon Simple Storage Service
Language
English
asdf750
asked a year ago282 views
1 Answer
0

Got it working in the end - the issue was that my s3 source and destination buckets were encrypted and I had specified the KMS key ID for the source bucket and KMS Key Alias for the destination bucket. I switched to use the KMS Key ARN for both and the inventory began working. I didn't see this limitation specified anywhere the the documents.

I noticed that when I made that change, the inventory folders were created in the destination bucket almost immediately which gave me hope that it would work after I waited another 24 hours to test it.

Another funny thing was that even though the inventory began working, the hyphen is still showing up in the source bucket's inventory configuration's "Last export" field..... This suggested to me that it hasn't completed even though when I checked the destination bucket the inventory report was there..... So always check the destination bucket as you can't really trust that "Last export" field.

silverlining
answered a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content