- Newest
- Most votes
- Most comments
Without getting role policies/permissions, it's hard to guess but there are few things which should be checked: Since S3 role has all permissions already so, did you check the manifest bucket policy and target bucket policy, many cases target bucket policy doesn't grant access to batch operations role, which is why this occurs. Make sure that target bucket policy is allowing batch operations role to write here, additionally check if role has required kms key permissions on both side of buckets and target account kms key policy is allowing this role for encrypt operations.
Take a look at https://docs.aws.amazon.com/AmazonS3/latest/userguide/batch-ops-iam-role-policies.html to revise the permissions.
Please refer re:Post Answer for permissions required for batch operations. Feel free to comment here if you have any additional questions.
Relevant content
- Accepted Answer
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 7 months ago
- AWS OFFICIALUpdated 2 years ago
Can you share the role policies? Without seeing the code it's hard to give a meaningful answer.
If I had to guess, I would check that the role trusts the batchoperations.s3.amazonaws.com service principal.
Please comment here if you have any additional questions or you are still seeing challenges.