
This assumes you are familiar with AWS Backup. If not, check out my article Getting Started with AWS Backup.
It's not all that uncommon for the Status of AWS Backup Jobs to be Completed with issues, especially with S3 Buckets.
And looking at one of the Completed with issues Jobs, let's say the following is displayed.
The most common thing that causes this issue is that you don't have the following roles attached to the IAM Policy being used by your Backup Plan.
- AWSBackupServiceRolePolicyForBackup
- AWSBackupServiceRolePolicyForRestore
- AWSBackupServiceRolePolicyForS3Backup
- AWSBackupServiceRolePolicyForS3Restore
The aws iam list-attached-role-policies command can be used to list the Roles that are attached to the IAM Role being used by your Backup Plan.
~]$ aws iam list-attached-role-policies --role-name my-backups-role
{
"AttachedPolicies": [
{
"PolicyName": "my-backups-policy",
"PolicyArn": "arn:aws:iam::123456789012:policy/my-backups-policy"
},
{
"PolicyName": "AWSBackupServiceRolePolicyForRestores",
"PolicyArn": "arn:aws:iam::aws:policy/service-role/AWSBackupServiceRolePolicyForRestores"
},
{
"PolicyName": "AWSBackupServiceRolePolicyForBackup",
"PolicyArn": "arn:aws:iam::aws:policy/service-role/AWSBackupServiceRolePolicyForBackup"
},
{
"PolicyName": "AWSBackupServiceRolePolicyForS3Restore",
"PolicyArn": "arn:aws:iam::aws:policy/AWSBackupServiceRolePolicyForS3Restore"
},
{
"PolicyName": "AWSBackupServiceRolePolicyForS3Backup",
"PolicyArn": "arn:aws:iam::aws:policy/AWSBackupServiceRolePolicyForS3Backup"
}
]
}
The aws iam attach-role-policy command can be used to attach the Permission Policies to the IAM Role being used by your Backup Plan.
aws iam attach-role-policy --policy-arn arn:aws:iam::123456789012:policy/my-backups-policy --role-name my-backups-role
aws iam attach-role-policy --policy-arn arn:aws:iam::aws:policy/service-role/AWSBackupServiceRolePolicyForBackup --role-name my-backups-role
aws iam attach-role-policy --policy-arn arn:aws:iam::aws:policy/service-role/AWSBackupServiceRolePolicyForRestores--role-name my-backups-role
aws iam attach-role-policy --policy-arn arn:aws:iam::aws:policy/AWSBackupServiceRolePolicyForS3Backup --role-name my-backups-role
aws iam attach-role-policy --policy-arn arn:aws:iam::aws:policy/AWSBackupServiceRolePolicyForS3Restore --role-name my-backups-role
Did you find this article helpful?
If so, consider buying me a coffee over at