I have followed those instructions step by step: https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/backups-exporting.html
However, I have the following error:
An error occurred (InvalidParameterValue) when calling the CopySnapshot operation: Elasticache was unable to validate the authenticated user has access on the S3 bucket ...
The bucket is in the same region as the backup.
This is my bucket configuration:
{
    "LocationConstraint": "eu-central-1"
}
{
    "Version": "2012-10-17",
    "Id": "xxxxxxxx",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "Service": "eu-central-1.elasticache-snapshot.amazonaws.com"
            },
            "Action": [
                "s3:PutObject",
                "s3:GetObject",
                "s3:ListBucket",
                "s3:GetBucketAcl",
                "s3:ListMultipartUploadParts",
                "s3:ListBucketMultipartUploads"
            ],
            "Resource": [
                "arn:aws:s3:::my-bucket-name/*",
                "arn:aws:s3:::my-bucket-name"
            ]
        }
    ]
}
This is the snapshot:
{
    "Snapshots": [
        {
            "SnapshotName": "my-snapshot-name",
            "CacheClusterId": "xxxxxxxx-xxx",
            "SnapshotStatus": "available",
            "SnapshotSource": "manual",
            "CacheNodeType": "cache.t2.micro",
            "Engine": "redis",
            "EngineVersion": "5.0.3",
            "NumCacheNodes": 1,
            "PreferredAvailabilityZone": "eu-central-1c",
            "CacheClusterCreateTime": "xxxxxxx",
            "PreferredMaintenanceWindow": "mon:02:30-mon:03:30",
            "Port": 6379,
            "CacheParameterGroupName": "default.redis5.0",
            "CacheSubnetGroupName": "internal",
            "VpcId": "xxxxx",
            "AutoMinorVersionUpgrade": true,
            "SnapshotRetentionLimit": 7,
            "SnapshotWindow": "00:00-02:00",
            "NodeSnapshots": [
                {
                    "CacheNodeId": "0001",
                    "CacheSize": "33 MB",
                    "CacheNodeCreateTime": "xxxxxx",
                    "SnapshotCreateTime": "xxxxxx"
                }
            ],
            "ARN": "arn:aws:elasticache:eu-central-1:000000000:snapshot:my-snapshot-name",
            "DataTiering": "disabled"
        }
    ]
}
Apparently AWS updated their docs by adding a crucial piece of information regarding the ACL; see the accepted answer for more info.
A very important step here is to add the ACL as mentioned in the doc:
Add grantee Canonical Id 540804c33a284a299d2547575ce1010f2312ef3da9b3a053c8bc45bf233e4353 with the following options:
I added this ACL permission and it started working like a charm.
After adding this ACL, my configuration looks like below.
Full Ref document link: https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/backups-exporting.html#backups-exporting-grant-access
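An offline pre-flight check for the two prerequisites discussed on this page, the bucket policy principal and the bucket ACL grant. This is an added example, not part of the original question or answer. It assumes the three JSON documents were saved from `aws s3api get-bucket-location`, the parsed bucket policy, and `aws s3api get-bucket-acl`; the sample ACLs, the owner ID placeholder and the `READ_ACP` grant are constructed, and the permissions ElastiCache actually needs are the ones listed in the linked doc.

```python
# Canonical ID quoted in the answer above.
ELASTICACHE_GRANTEE = "540804c33a284a299d2547575ce1010f2312ef3da9b3a053c8bc45bf233e4353"

def _as_list(value):
    return value if isinstance(value, list) else [value]

def grantee_permissions(acl, grantee_id=ELASTICACHE_GRANTEE):
    """Permissions the bucket ACL grants to one canonical user, sorted."""
    return sorted({g["Permission"] for g in acl.get("Grants", [])
                   if g.get("Grantee", {}).get("Type") == "CanonicalUser"
                   and g["Grantee"].get("ID") == grantee_id})

def export_problems(location, policy, acl):
    """Return findings that would block the export; empty list means none found."""
    # get-bucket-location reports a null LocationConstraint for us-east-1.
    region = location.get("LocationConstraint") or "us-east-1"
    wanted = f"{region}.elasticache-snapshot.amazonaws.com"
    allowed = False
    for st in _as_list(policy.get("Statement", [])):
        principal = st.get("Principal", {})
        # Principal can be "*" (a string) or a dict; Service can be str or list.
        services = _as_list(principal.get("Service", [])) if isinstance(principal, dict) else []
        if st.get("Effect") == "Allow" and wanted in services:
            allowed = True
    problems = []
    if not allowed:
        problems.append(f"policy has no Allow statement for {wanted}")
    if not grantee_permissions(acl):
        problems.append("bucket ACL has no grant for the ElastiCache canonical ID")
    return problems

# Constructed samples mirroring the question (owner ID is a placeholder).
LOCATION = {"LocationConstraint": "eu-central-1"}
POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"Service": "eu-central-1.elasticache-snapshot.amazonaws.com"},
    "Action": ["s3:PutObject", "s3:GetObject", "s3:ListBucket", "s3:GetBucketAcl"],
    "Resource": ["arn:aws:s3:::my-bucket-name/*", "arn:aws:s3:::my-bucket-name"]}]}
OWNER = {"ID": "OWNER-CANONICAL-ID-PLACEHOLDER", "Type": "CanonicalUser"}
ACL_BEFORE = {"Grants": [{"Grantee": OWNER, "Permission": "FULL_CONTROL"}]}
ACL_AFTER = {"Grants": ACL_BEFORE["Grants"] + [
    {"Grantee": {"ID": ELASTICACHE_GRANTEE, "Type": "CanonicalUser"},
     "Permission": "READ_ACP"}]}  # constructed value, see the linked doc

if __name__ == "__main__":
    print("before:", export_problems(LOCATION, POLICY, ACL_BEFORE))
    print("after: ", export_problems(LOCATION, POLICY, ACL_AFTER))
```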