Resolving Access Denied Errors in N2WS S3 Sync (CopyObject or ListObjectsV2 )
When using N2WS S3 sync policies, you might encounter the following errors:
CopyObject Operation Error:
10/29/2024 03:02:11 PM, Error, "copy failed: s3://atestbucket2022saif/cli commands.txt to s3://s3sync-cross-account-destination/cli commands.txt An error occurred (AccessDenied) when calling the CopyObject operation: Access Denied"ListObjectsV2 Operation Error:
10/29/2024 03:22:34 PM, Error, "fatal error: An error occurred (AccessDenied) when calling the ListObjectsV2 operation: Access Denied"
Solution:
To resolve these errors, you need to modify the bucket policy to include access to the bucket’s objects. Update your bucket policy as follows:
Original Bucket Policy:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::123456789123:root"
},
"Action": "s3:*",
"Resource": [
"arn:aws:s3:::s3sync-cross-account-destination-with-kms"
]
}
]
}
Updated Bucket Policy:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::123456789123:root"
},
"Action": "s3:*",
"Resource": [
"arn:aws:s3:::s3sync-cross-account-destination-with-kms",
"arn:aws:s3:::s3sync-cross-account-destination-with-kms/*"
]
}
]
}
Steps to Update the Bucket Policy:
Access the S3 Console:
- Go to the destination AWS Management Console and open the S3 service.
Navigate to the Bucket:
- Select the bucket you are syncing to (e.g.,
s3sync-cross-account-destination-with-kms).
- Select the bucket you are syncing to (e.g.,
Edit the Bucket Policy:
- Go to the Permissions tab.
- Click on Bucket Policy and replace the existing policy with the updated policy shown above.
Save Changes:
- Save the updated policy to apply the changes.
By updating the bucket policy to include access to the bucket’s objects, you should be able to resolve the Access Denied errors and successfully perform S3 sync operations.
If you need further assistance, feel free to ask!
Related Articles
S3Sync: Source bucket: prod_bucket_A to Destination bucket: prod_bucket_B failed fatal error:S3SYNC An error occurred (AccessDenied) when calling the ListObjectsV2 operation: Access Denied
Issue: When trying to synchronize two buckets in CPM I get the following error message. S3Sync: Source bucket: Prod_bucket to Destination bucket: Dev_bucket failed fatal error: S3SYNC An error occurred (AccessDenied) when calling the ListObjectsV2 ...Knowledge Base Article: Resolving Access Denied Error in N2WS S3 Sync
Issue When attempting to copy an object between S3 buckets using AWS KMS for encryption, you encounter the following error: copy failed: s3://atestbucket2022-with-kms/CPM Configurations.pdf to s3://s3sync-cross-account-destination-with-kms/CPM ...S3 Sync cross account failing due to AccessDenied error
Issue: When doing cross account S3 sync, it fails due to missing permissions on the bucket copy failed: s3://mybucketname//file_name.txt to s3://other_bcuket//file_name.txt An error occurred (AccessDenied) when calling the CopyObject operation: ...How to use AWS IAM Policy Simulator to troubleshoot N2WS Backup permission issues.
Background: Permission issues are one of the most common errors seen by users of N2WS Backup and this article explains how you can use the IAM Policy Simulator to help you narrow down whether permissions are allowed by an IAM User or a Role. This ...Internet access required for CPM operations
CPM Server: All outbound CPM communication is to the 443 port (https) For ongoing operations for a production CPM server it needs to access AWS endpoints to use AWS APIs. You can decide to expose only relevant regions. AWS endpoint information can be ...