Questions tagged with AWS Backup

Content language: English

Sort by most recent

Browse through the questions and answers listed below or filter and sort to narrow down your results.

DescribeFrameworkByUUID permission missing on service-linked role AWSServiceRoleForBackupReports

This is causing CloudTrail to log many access denied attempts, triggering an alarm: ```json { "eventVersion": "1.08", "userIdentity": { "type": "AssumedRole", "principalId": "xxxxxxxxxxxxxxxxxxx:StorageDescribeFrameworkUUID", "arn": "arn:aws:sts::xxxxxxxxxxxxxxxxxxx:assumed-role/AWSServiceRoleForBackupReports/StorageDescribeFrameworkUUID", "accountId": "xxxxxxxxxxxxxxxxxxx", "accessKeyId": "xxxxxxxxxxxxxxxxxxx", "sessionContext": { "sessionIssuer": { "type": "Role", "principalId": "xxxxxxxxxxxxxxxxxxx", "arn": "arn:aws:iam::xxxxxxxxxxxxxxxxxxx:role/aws-service-role/reports.backup.amazonaws.com/AWSServiceRoleForBackupReports", "accountId": "xxxxxxxxxxxxxxxxxxx", "userName": "AWSServiceRoleForBackupReports" }, "webIdFederationData": {}, "attributes": { "creationDate": "2022-09-28T08:56:37Z", "mfaAuthenticated": "false" } }, "invokedBy": "reports.backup.amazonaws.com" }, "eventTime": "2022-09-28T08:56:37Z", "eventSource": "backup.amazonaws.com", "eventName": "DescribeFrameworkByUUID", "awsRegion": "ca-central-1", "sourceIPAddress": "reports.backup.amazonaws.com", "userAgent": "reports.backup.amazonaws.com", "errorCode": "AccessDenied", "requestParameters": null, "responseElements": null, "requestID": "xxxxxxxxxxxxxxxxxxx", "eventID": xxxxxxxxxxxxxxxxxxx", "readOnly": true, "eventType": "AwsApiCall", "managementEvent": true, "recipientAccountId": "xxxxxxxxxxxxxxxxxxx", "eventCategory": "Management" } ``` It is impossible to delete the role: ``` Errors during deleting roles. Role AWSServiceRoleForBackupReports not deleted. There are resources that rely on this role. ``` And it is not possible to add custom permissions to the service-linked role. It does not seem to be possible to configure a custom role for the backup reports either. What can I do ?
0
answers
0
votes
24
views
Daniel
asked 2 months ago

AWS Backup VSS timeout

I'm trying to set up AWS Backup for EC2 instance with Windows Server 2022 and MS SQL Server, following this instruction https://docs.aws.amazon.com/aws-backup/latest/devguide/windows-backups.html I've done all the steps, but the on-demand backup job finishes with the message: > "Windows VSS Backup attempt failed because of timeout on VSS enabled snapshot creation" The file "C:\Program Files\Amazon\AwsVssComponents\vsserr.log" is empty, "C:\Program Files\Amazon\AwsVssComponents\vssout.log" contains information about Shadow copies of devices and ends with the message "Snapshot creation done." There are several messages related to VSS in Windows Log, for example: ``` Volume Shadow Copy Service error: A critical component required by the Volume Shadow Copy service is not registered. This might happened if an error occurred during Windows setup or during installation of a Shadow Copy provider. The error returned from CoCreateInstance on class with CLSID {4baeabae-7018-43e6-8bfb-fb15aaa3a675} and Name SW_PROV is [0x80040154, Class not registered ]. Operation: Obtain a callable interface for this provider List interfaces for all providers supporting this context Check If Volume Is Supported by Provider Add a Volume to a Shadow Copy Set Context: Provider ID: {4aaed461-b7bb-4125-a906-31c79791b47d} Class ID: {4baeabae-7018-43e6-8bfb-fb15aaa3a675} Snapshot Context: 2 Snapshot Context: 2 Execution Context: Coordinator Provider ID: {00000000-0000-0000-0000-000000000000} ``` What else can be checked and how to fix the timeout error?
0
answers
0
votes
10
views
asked 2 months ago