Error creating Backup Vault #6
Comments
Hi @GuilhermeRizzottoLis, the module uses the service role as defined here https://github.com/lgallard/terraform-aws-backup/blob/master/iam.tf#L12 and adds policies in iam.tf, in particular here https://github.com/lgallard/terraform-aws-backup/blob/master/iam.tf#L24. Those roles/policies should be enough to create a new vault. I checked the Did you check if the service role was created?
Yeah, it was created. Maybe it's some configuration in AWS, but I have Full Access permission.
@GuilhermeRizzottoLis did you check this issue reported here? It seems to be an async problem (maybe due to networking issues or token expiration) as expressed in this comment
I just started encountering this same exact issue. I'm able to create vaults via the aws console and aws cli directly no problem, but when I attempt to do so using the same exact IAM role via Terraform, I get this cryptic 403 error. Looking through Terraform's debug log reveals nothing useful. Terraform v0.14.9, AWS provider v3.35.0
@faucherb94 can you share your Terraform definition?
I am suffering the same issue. Terraform v0.14.10, AWS provider 3.36.0.
@jralonso I just applied the complete example in my account using Terraform v0.14.10, AWS provider 3.36.0. Are you using the complete example or any other example? Did you check you have enough permission privileges to create AWS Backup resources (vaults, plans, rules, etc.)?
@jralonso I checked the simple_plan example with the latest version of the module (0.11.2) and it's working with Terraform v0.14.10, AWS provider 3.36.0 as well.
I have the same error when I run with my Pipeline User. This User has When I perform I have Full Administrator Access and can create AWS Backup Vault with my credentials. Which permissions does my pipeline user need?
@thiagolsfortunato the module creates a service role, meaning your pipeline must be able to create roles in IAM.
For anyone else who stumbles upon this issue, make sure you are adding the required IAM permissions mentioned in the CreateBackupVault row to the role creating the Vault. I was missing the required
@carflo maybe we can add those permissions in the IAM policy here https://github.com/lgallard/terraform-aws-backup/blob/master/iam.tf#L40
@lgallard The IAM permissions need to be added to the Role running the terraform. In @thiagolsfortunato's case, his "pipeline user" (i.e., not the IAM role used by AWS Backup that your module creates). I think just adding this to the README (e.g., Troubleshooting: error creating Backup Vault () ...) would be helpful as the error message from AWS is not useful. This is mentioned in the AWS docs as a requirement so I'll leave that up to you. As a disclaimer, I'm not using this module but I stumbled upon this issue (Google search) due to the same error from the
@carflo thanks for the clarification. Comment added in README!!
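The resolution reached in the comments above, as an added Terraform example (not code from the thread or from the module): an identity policy for the principal that runs Terraform, carrying the actions the AWS Backup access-control table lists for CreateBackupVault. The variable names, the policy name and the choice to scope the KMS statement to a single key are assumptions; an administrator applies it, not the pipeline principal itself.

```hcl
# Added example. This policy is for the principal that runs `terraform apply`
# (the pipeline user), NOT for the AWS Backup service role the module creates.

variable "pipeline_user_name" {
  description = "IAM user that runs Terraform in the pipeline (hypothetical name)"
  type        = string
}

variable "vault_kms_key_arn" {
  description = "ARN of the KMS key that encrypts the vault (placeholder, supply your own)"
  type        = string
}

data "aws_iam_policy_document" "pipeline_backup_vault" {
  # Vault lifecycle calls plus the backup-storage action that CreateBackupVault
  # also requires. Narrow "resources" to the vault ARN where the action allows it.
  statement {
    sid    = "ManageBackupVault"
    effect = "Allow"
    actions = [
      "backup:CreateBackupVault",
      "backup:DescribeBackupVault",
      "backup:DeleteBackupVault",
      "backup-storage:MountCapsule",
    ]
    resources = ["*"]
  }

  # KMS actions needed on the key that encrypts the vault.
  # Assumption: one known key; widen only if the vault uses a different key.
  statement {
    sid    = "VaultEncryptionKey"
    effect = "Allow"
    actions = [
      "kms:CreateGrant",
      "kms:GenerateDataKey",
      "kms:Decrypt",
      "kms:RetireGrant",
      "kms:DescribeKey",
    ]
    resources = [var.vault_kms_key_arn]
  }
}

resource "aws_iam_user_policy" "pipeline_backup_vault" {
  name   = "pipeline-backup-vault"
  user   = var.pipeline_user_name
  policy = data.aws_iam_policy_document.pipeline_backup_vault.json
}
```

This covers vault creation only; the pipeline principal also needs IAM permissions to create the module's service role, as noted in the thread.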
Hey man, I'm trying to use your repo, but I'm always getting an error when creating a backup vault:
error creating Backup Vault (): AccessDeniedException: status code: 403, request id: 8e7e577e-5b74-4d4d-95d0-bf63e0b2cc2e
Do you know why? I only changed the main.tf file from the simple_plan_using_list
example with my data. Do you know why that is happening? Thanks.