By using AWS re:Post, you agree to the Terms of Use

Correct permissions to Restore an Aurora Backup from AWS Backup with KMS


Hello, here is the situation, we have AWS Backup configured to backup Aurora Clusters, the Aurora Cluster is encrypted with a CMK of KMS. Now, that we want to restore a backup using the AWS Backup Console, the process says it finished successfully but the restored Aurora Cluster has 0 instances. So I think there is an issue of permissions to use the KMS key, but I have tried different permissions to no avail. Is there a document that specifies the correct permissions for this to work ?

Thanks in advanced. Kind Regards,

1 Answer

You can look at CloudTrail event history around the time when you run the restore to see if any CreateDBInstance call is failing/giving an error. The error code would tell the missing permission.

Please also look at any other API calls around that timestamp to note any additional API calls which gave an error.

answered 7 months ago
  • Hello Shivam, I did and I got no errors, I see the following actions: StartRestoreJob, RestoreDBClusterFromSnapshot, CreateGrant, RestoreStarted

    I could not find any error in CloudTrail, the Bakcup Restore Job shows as Completed, the RDS Cluster is there with status of Available but with 0 instances.

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions