S3 Backup Copy to destination no errors yet nothing copied

0

I have a S3 backup job that successfully runs each day without any errors being reported, but it is configured to copy to another region and when I go to the vault in that region there is nothing there.

  • It is not another organisation
  • The region (Melbourne) supports backups as an opt-in and the option is checked.
  • The required policies have been added to the role

I've run out of ideas, can anyone help me determine why it doesn't work without having any error information?

asked a month ago78 views
3 Answers
1

There are a few potential reasons why your S3 backup job might be running successfully without errors, yet failing to copy the backup to the destination region. Here are some areas to investigate:

  1. IAM Role Permissions: Ensure that the IAM role used for the backup job has the necessary permissions not only for creating the backup but also for copying it to the destination region. The role should have the appropriate S3 permissions (such as s3:PutObject) for the destination bucket in the Melbourne region.

  2. Backup Vault Configuration: Verify that the backup vault in the destination region (Melbourne) is correctly configured and accessible. Make sure the IAM role has the required permissions to write to this vault.

  3. EventBridge Configuration: AWS Backup relies on receiving S3 events through Amazon EventBridge. Check if EventBridge is properly configured and enabled for your S3 buckets. If this setting is disabled in the S3 bucket notification settings, it could prevent the copy operation from occurring.

  4. Lifecycle Rules: Confirm that there are no conflicting lifecycle rules in the destination bucket that might be immediately moving or deleting the copied backups.

  5. KMS Key Policies: If you're using AWS Key Management Service (KMS) for encryption, ensure that the KMS key policy in the destination region allows the backup role to use the key for encryption.

  6. Cross-Region Replication Settings: Double-check the cross-region replication settings in your backup plan. Make sure the destination region, backup vault, and IAM role are correctly specified.

  7. S3 Versioning: Verify that S3 versioning is enabled on both the source and destination buckets, as this is a requirement for AWS Backup to work with S3.

  8. CloudTrail Logs: Consider reviewing CloudTrail logs for the backup job and the copy operation. Even if no errors are reported in the AWS Backup console, CloudTrail might provide more detailed information about any failed API calls.

  9. AWS Support: If you've verified all the above and still can't identify the issue, it may be worth contacting AWS Support. They can help investigate the problem more deeply, especially if there's an underlying service issue.

Remember to check both the source and destination regions for any relevant logs or metrics that might provide clues about the copy operation's failure.

Sources
Troubleshoot errors for Amazon S3 backups that fail | AWS re:Post
Amazon S3 backups - AWS Backup
Community | Protecting Amazon S3 Using AWS Backup

profile picture
answered a month ago
profile picture
EXPERT
reviewed a month ago
profile pictureAWS
EXPERT
reviewed a month ago
  • Regarding "7. S3 Versioning: Verify that S3 versioning is enabled on both the source and destination buckets, as this is a requirement for AWS Backup to work with S3", the destination is not an S3 bucket - it is a Backup vault - so "versioning" can't be enabled.

    Same applies to "The role should have the appropriate S3 permissions (such as s3:PutObject) for the destination bucket in the Melbourne region." It's not an s3 bucket so it is literally impossible to assign s3:PutObject permissions to it.

0
Accepted Answer

I enabled Cloudwatch which just gave me reams and reams of unfathomable random data - nothing at all that I could use to diagnose this problem. Solution: I've disable the remote copy. I'll just have to live with the local copy. I don't have time to waste trying to debug other peoples systems that don't contain basic error reporting.

answered 19 days ago
0

Hello,

In the source region AWS Backup console, check the status of the S3 copy jobs (Jobs > Copy Jobs).

  • If there are failed jobs, review the status message and take action as per the error.
  • If there are no copy jobs, then your backup plan/policy is unable to initiate copy jobs. Review the copy configuration in your backup plan/policy.
  • In cases where copy job is successful but still no recovery points in destination vault could be due to the retention setting applied for the copy. Retention for the copy is calculated from the start day of backup. Example, Day1 backup completed and on Day5 if you copy to another vault with 1 day retention, then upon copy job completion the recovery point gets deleted in destination vault.
AWS
answered a month ago
  • There are no failed jobs, there are no "completed with issues" jobs. Every day the job successfully completes according to the dashboard and the recovery points are all there. The retention period for the primary backup is 1 month warm / 3 months cold. The retention period for the remote copy is 5 months warm / 10 years cold.

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions