Some AWS Backup S3 Restores Fail with "Access denied to KMS Key"

0

Hello,

We are having an issue with AWS backup where some bucket restores are failing with the message "Access denied to KMS Key" . We have tried both restoring with default settings and with SSE-S3 encryption. Looking at cloudtrail, we don't see any failures of decryption. The default backup role has the AWSBackupServiceRolePolicyForS3Backup and AWSBackupServiceRolePolicyForS3Restore. What is odd is that one bucket worked. Also, in our restore testing from a month ago, they all worked. We are unable to figure out what key it is trying to access and why it is being denied.

Thank you!

질문됨 3달 전135회 조회
1개 답변
0

Hello,

I have determined the issue. The issue is that some of the objects in the bucket had public access granted via ACLs. In the testing we did and the AWS Backup restore testing, the buckets were set with "Bucket and objects not public" ... When it hit an object that needed to set a public ACL, it failed. This error message is obviously not correct. However, setting up a bucket that does not have public access blocked and then performing a restore results in the restore working. Clearly, that is the issue, the messaging is just wrong.

Thanks!

답변함 3달 전
profile picture
전문가
검토됨 2달 전

로그인하지 않았습니다. 로그인해야 답변을 게시할 수 있습니다.

좋은 답변은 질문에 명확하게 답하고 건설적인 피드백을 제공하며 질문자의 전문적인 성장을 장려합니다.

질문 답변하기에 대한 가이드라인

관련 콘텐츠