How can I resolve issues exporting Amazon Aurora snapshots to Amazon S3?

2 minute read
0

I get an error when I try to export a snapshot from my Amazon Aurora MySQL-Compatible Edition instance to Amazon Simple Storage Service (Amazon S3).

Short description

The Aurora DB cluster snapshot data export to Amazon S3 can fail for the following reasons:

  • The AWS Identity Access Management (IAM) role and policy are incorrectly configured.
  • The IAM role doesn't exist.
  • The AWS Key Management Service (AWS KMS) key check failed.
  • The export task is stuck in the STARTING status.

Resolution

Initial troubleshooting steps

1.    Check that the IAM role that's associated with your DB instance has the required policy assigned:

"s3:PutObject*",
                "s3:ListBucket",
                "s3:GetObject*",
                "s3:DeleteObject*",
                "s3:GetBucketLocation"

2.    Check that you've configured the required privileges for using AWS KMS:

"kms:Encrypt",
        "kms:Decrypt",
        "kms:ReEncrypt*",
        "kms:GenerateDataKey*",
        "kms:CreateGrant",
        "kms:DescribeKey",
        "kms:RetireGrant"

3.    When exporting your snapshot, you might receive an error message similar to the following:

The principal export.rds.amazonaws.com isn't allowed to assume the IAM 
role arn:aws:iam::160966736689:role/rds-s3-export-role or the IAM role 
arn:aws:iam::123456789:role/rds-s3-export-role doesn't exist.

This error occurs when your DB instance tries to assume the IAM role, but fails. Make sure that the trust relationship in the IAM policy specifies export.rds.amazonaws.com instead of rds.amazonaws.com. See the following example:

{
  "Version": "2012-10-17",
  "Statement": [
  {
    "Effect": "Allow",
    "Principal": {
    "Service": "export.rds.amazonaws.com"
    },
    "Action": "sts:AssumeRole",
    "Condition": {}
  }
  ]
}

Export task is stuck in "STARTING" status

When you export an Aurora MySQL-Compatible DB snapshot to Amazon S3, the export task can take longer than usual. The time it takes to export a snapshot depends on the database size and type. The export task restores and scales the entire database before it extracts the data to Amazon S3. During this stage, your export task displays the Starting status. When the task begins to export the data to Amazon S3, the status changes to In progress. If the export task is successful, then the status indicates that the task is Complete. If there are issues with your export task process, the status indicates that the task Failed.

For more information, review the limitations when exporting the Aurora MySQL to Amazon S3. For further troubleshooting steps, see the Aurora export documentation.


Related information

Viewing cluster status and recommendations

AWS OFFICIAL
AWS OFFICIALUpdated a year ago