AWS Cloud Storage Configuration fails with error "The server was unable to complete the requested operation."
Problem
AWS Cloud Storage Configuration fails with error "The server was unable to complete the requested operation."
Error Message
BEMSDK Failure Code : E0009840
Backup Exec SGMON Debug Log:
BESERVER: 51 STSOBJECT: STS Debug Info: session (16531708): 'CurlHttpClient: CurlHttpClient::processCompletedEasyHandle: STS error: 0, cURL error: 0, multi cURL error: 0, HTTP return value: 403'
BESERVER: 51 STSOBJECT: STS ERROR: session (16531708): 'CurlHttpClient: CurlHttpClient::checkCompletedHandles : function processCompletedEasyHandle failed with error 2060037 ("access not allowed").'
MANAGEMENT: ERROR: LocalizedException:
MANAGEMENT: ERROR: Message: The server was unable to complete the requested operation.
MANAGEMENT: ERROR: Reason: Unable to authenticate with the CloudStorage device. Ensure that the logon account that is required to access the device has the correct credentials.
MANAGEMENT: ERROR: Info: BEMSDK Failure Code: E0009B40
Cause
Insufficient permissions to access AWS resources or bucket.
Solution
Ensure that following AWS permissions are assigned to top level resource and buckets resource.
Following in an example of policy with Backup Exec required permissions:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:GetBucketLocation",
"s3:ListAllMyBuckets",
"s3:CreateBucket",
"s3:ListBucket"
],
"Resource": "arn:aws:s3:::*"
},
{
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:DeleteObject",
"s3:RestoreObject"
],
"Resource": [
"arn:aws:s3:::BucketName/*"
]
}
]
}