IAM User cannot create S3 Batch Operation
Hi, I have IAM User with full access S3 Role, and I have assign the role of creating batch operations to replace & delete tagging like in this link https://docs.aws.amazon.com/AmazonS3/latest/userguide/batch-ops-iam-role-policies.html#batch-ops-iam-role-policies-create . But when the user tries to create a batch operation, they get error message. * An internal error prevented this job from being created. Wait a few minutes and choose Create job again. If the problem persists, contact AWS Support*
How to solve this? Thx
- Newest
- Most votes
- Most comments
Without getting role policies/permissions, it's hard to guess but there are few things which should be checked: Since S3 role has all permissions already so, did you check the manifest bucket policy and target bucket policy, many cases target bucket policy doesn't grant access to batch operations role, which is why this occurs. Make sure that target bucket policy is allowing batch operations role to write here, additionally check if role has required kms key permissions on both side of buckets and target account kms key policy is allowing this role for encrypt operations.
Take a look at https://docs.aws.amazon.com/AmazonS3/latest/userguide/batch-ops-iam-role-policies.html to revise the permissions.
Please refer re:Post Answer for permissions required for batch operations. Feel free to comment here if you have any additional questions.
Relevant content
- Accepted Answer
AWS OFFICIALUpdated 2 years ago- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 7 months ago
- AWS OFFICIALUpdated 2 years ago
Can you share the role policies? Without seeing the code it's hard to give a meaningful answer.
If I had to guess, I would check that the role trusts the batchoperations.s3.amazonaws.com service principal.
Please comment here if you have any additional questions or you are still seeing challenges.