Cannot launch MySQL 5.6 from S3 - S3_SNAPSHOT_INGESTION

0

I'm bumping into this error when trying to launch an RDS MySQL 5.6 instance from an S3-stored backup.

IAM role ARN value is invalid or does not include the required permissions for: S3_SNAPSHOT_INGESTION (Service: AmazonRDS; Status Code: 400; Error Code: InvalidParameterValue; Request ID: 4e5a7f79-23ed-4e13-b5c1-2d35f4571de7)

My role has ALL RDS rights and ALL S3 rights attached to it (not just the ones described in the official "Importing Data into an Amazon RDS MySQL DB Instance" guide).

Help?!
//JoNi

J_N__
asked 6 years ago, 2471 views
2 Answers
0

I missed this one: Example Permissions Policy for Importing from Amazon S3 — IAM User Permissions

{
    "Version":"2012-10-17",
    "Statement":
    [
        {
            "Sid":"AllowS3AccessRole",
            "Effect":"Allow",
            "Action":"iam:PassRole",
            "Resource":"arn:aws:iam::IAM User ID:role/S3Access"
        }
    ]
}
J_N__
answered 6 years ago
0

The root cause for this issue was required permissions missing for the RDS to read something from the S3 bucket. But before actually adding permission for the RDS, the user who is creating this RDS needs to have the required permissions to delegate RDS with proper permission. If you are getting confused, it's like the AWS user has to have the required permission to create roles for the RDS.

  1. The AWS user should have the "iam:PassRole" policy attached as part of the IAM role.
    For a user to associate an IAM role with an S3 bucket, the IAM user must have the iam:PassRole permission for that IAM role. This permission allows an administrator to restrict which IAM roles a user can associate with S3 buckets.
  2. Now, while creating the RDS, use "Create a new role" from the IAM role section, and then check the inline policy auto-generated from the "View policy document". It should be something like:
    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": [
                    "s3:ListBucket",
                    "s3:GetBucketLocation"
                ],
                "Resource": [
                    "arn:aws:s3:::<bucket name>"
                ]
            },
            {
                "Effect": "Allow",
                "Action": [
                    "s3:GetObject"
                ],
                "Resource": [
                    "arn:aws:s3:::<bucket name>/<prefix>*"
                ]
            }
        ]
    }

And finally you are good to go.

For more details please go through https://docs.aws.amazon.com/dms/latest/sbs/CHAP_MySQL2Aurora.html

Edited by: saibaldey on Jul 27, 2020 9:39 AM

answered 4 years ago
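
An offline check of the two permission sets described in the answers above (the caller's iam:PassRole and the role's S3 read access), as an added example that is not part of the original posts or AWS's own code. The account ID, bucket, object key and caller policy are constructed sample values, and the evaluator is a simplification that only looks at Allow statements with Action/Resource wildcards.

```python
import fnmatch

# Constructed sample values (not from the original thread).
ROLE_ARN = "arn:aws:iam::111122223333:role/S3Access"
BUCKET, KEY = "example-backup-bucket", "mysql56/backup.xbstream"
BUCKET_ARN = f"arn:aws:s3:::{BUCKET}"
# Role policy in the shape shown in the second answer.
ROLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:ListBucket", "s3:GetBucketLocation"],
     "Resource": [BUCKET_ARN]},
    {"Effect": "Allow", "Action": ["s3:GetObject"],
     "Resource": [f"{BUCKET_ARN}/mysql56/*"]}]}
# Caller with broad RDS and S3 rights but no iam:PassRole (assumed starting point).
CALLER_BEFORE = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["rds:*", "s3:*"], "Resource": "*"}]}
# Same caller with the PassRole statement from the first answer added.
CALLER_AFTER = {"Version": "2012-10-17", "Statement": CALLER_BEFORE["Statement"] + [
    {"Sid": "AllowS3AccessRole", "Effect": "Allow",
     "Action": "iam:PassRole", "Resource": ROLE_ARN}]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def allows(policy, action, resource):
    """True if some Allow statement matches both action and resource.
    Simplified: ignores Deny, NotAction, NotResource and Condition."""
    for st in _as_list(policy.get("Statement", [])):
        if st.get("Effect") != "Allow":
            continue
        # IAM action names are case-insensitive; resource ARNs are not.
        act_ok = any(fnmatch.fnmatchcase(action.lower(), a.lower())
                     for a in _as_list(st.get("Action", [])))
        res_ok = any(fnmatch.fnmatchcase(resource, r)
                     for r in _as_list(st.get("Resource", [])))
        if act_ok and res_ok:
            return True
    return False

def missing_for_s3_import(caller_policy, role_policy):
    """Return the (principal, action, resource) checks that are not allowed."""
    checks = [("caller", caller_policy, "iam:PassRole", ROLE_ARN),
              ("role", role_policy, "s3:ListBucket", BUCKET_ARN),
              ("role", role_policy, "s3:GetBucketLocation", BUCKET_ARN),
              ("role", role_policy, "s3:GetObject", f"{BUCKET_ARN}/{KEY}")]
    return [(who, act, res) for who, pol, act, res in checks
            if not allows(pol, act, res)]

if __name__ == "__main__":
    print("before:", missing_for_s3_import(CALLER_BEFORE, ROLE_POLICY))
    print("after: ", missing_for_s3_import(CALLER_AFTER, ROLE_POLICY))
```
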
