[SOLVED] S3 Backup fails to backup

PROBLEM:

  • There is not much documentation on how to configure Amazon Web Services to receive S3 backups from MIAB. You might have followed the tutorial at http://www.meanly.io/aws/2017/09/22/storing-mail-in-a-box-backups-in-s3.html.

  • Your backups are running, but you receive nightly emails with the following error messages:

    Attempt 1 failed. S3ResponseError: S3ResponseError: 403 Forbidden

    Attempt 5 failed. S3ResponseError: S3ResponseError: 403 Forbidden

  • Your backups are running, but it takes 4-5 minutes to transfer 250MB to your S3 bucket due to attempts failing.

  • When it is time for the first full backup to be deleted, backups stop working altogether and you receive the following error message:

    Attempt 1 failed. S3ResponseError: S3ResponseError: 403 Forbidden
    <?xml version=“1.0” encoding=“UTF-8”?>
    <Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>0020XXXXXXX303E</RequestId><HostId>nGztXXXXdkuFff6S4695DzEhTqx2kNi0Ld4z9XXXXXXXw86cg0jM4pCeVF+XXXXXXpKBfk=</HostId></Error>

ROOT CAUSE ANALYSIS:

The tutorial is a bit out of date. Apparently, MIAB didn’t rotate backups in 2017, so there was no need to grant the GetObject and DeleteObject permissions to items within the bucket.

SOLUTION:
Make sure that the group that the MIAB AWS user belongs to has at least the following permissions:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": "s3:ListBucket",
            "Resource": "arn:aws:s3:::my-bucket-name"
        },
        {
            "Sid": "VisualEditor1",
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:GetObject",
                "s3:DeleteObject"
            ],
            "Resource": "arn:aws:s3:::my-bucket-name/*"
        }
    ]
}

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.