Home > Back-end >  The IAM role arn:aws:iam::XXXXXXXXXXXX:role/XXXXXXXXXXXX isn't authorized to call s3:DeleteObje
The IAM role arn:aws:iam::XXXXXXXXXXXX:role/XXXXXXXXXXXX isn't authorized to call s3:DeleteObje

Time:08-19

Can someone please help with the following error on AWS RDS Export of database.

I am getting the following error:

Your request to export snapshot to S3 has failed.
The IAM role arn:aws:iam::XXXXXXXXXXXX:role/XXXXXXXXXXXX isn't authorized to call s3:DeleteObject on the S3 bucket XXXXXXXXXXXX-XXXX-XXXX.

My Policy

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "ExportPolicy",
            "Effect": "Allow",
            "Action": [
                "s3:PutObject*",
                "s3:ListBucket",
                "s3:GetObject",
                "s3:GetObject*",
                "s3:DeleteObject",
                "s3:DeleteObject*",
                "s3:GetBucketLocation"
            ],
            "Resource": [
                "arn:aws:s3:::My-bucket",
                "arn:aws:s3:::My-bucket/export/*"
            ]
        }
    ]
}

My Role

Trust relationships

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "Service": [
                    "export.rds.amazonaws.com",
                    "ec2.amazonaws.com"
                ]
            },
            "Action": "sts:AssumeRole"
        }
    ]
}

CodePudding user response:

Could you please try the following. It seems to be working.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "ExportPolicy",
            "Effect": "Allow",
            "Action": [
                "s3:PutObject*",
                "s3:ListBucket",
                "s3:GetObject*",
                "s3:DeleteObject*",
                "s3:GetBucketLocation"
            ],
            "Resource": [
                "arn:aws:s3:::my-bucket",
                "arn:aws:s3:::my-bucket/*"
            ]
        }
    ]
}
  • Related