I am trying to create a backup of an important S3 bucket. I am planning on using AWS backup. I created a backup plan, a resource assignment, used the default policy. When I look at the job section, I can see that my job failed with the following error: Your backup job failed as AWS Backup does not have permission to describe resource arn:aws:s3:::<my-bucket-name>. Please review your IAM policies to ensure AWS Backup can protect your resources.
I tried to add this policy to the role :
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "s3:ListBucket",
"Resource": "arn:aws:s3:::my-s3-bucket-arn"
}
]
}
Even with this I still get the exact same error, could I have missed something ? Did anyone met this issue before ?
The policy which you have added only allows AWS backup to list all buckets. However, to create a backup of S3 bucket, it needs permission to describe the S3 bucket.
To take backup of S3, you can add the managed policy "AWSBackupServiceRolePolicyForS3Backup". This policy contains the permissions necessary for AWS Backup to back up any S3 bucket. This includes access to all objects in a bucket and any associated AWS KMS key. To know more, Kindly refer here