Open aprilrieger opened 1 year ago
Restore of the efs file system into the new VPC was unsuccessful, here is the screenshot (adding to the list):
Error while completing request: User: arn:aws:sts::657539223582:assumed-role/AWSBackupDefaultServiceRole/AWSBackup-AWSBackupDefaultServiceRole is not authorized to perform: iam:CreateServiceLinkedRole on the specified resource (Service: AmazonElasticFileSystem; Status Code: 403; Error Code: AccessDeniedException; Request ID: 3c7a1c0b-1341-45d3-9b85-796d1fad2711; Proxy: null)
Followed: Create VPN Network: https://docs.aws.amazon.com/vpc/latest/userguide/vpc-example-dev-test.html#create-vpc-one-public-subnet Restore form backup: https://docs.aws.amazon.com/aws-backup/latest/devguide/restoring-a-backup.html https://docs.aws.amazon.com/aws-backup/latest/devguide/restore-resource.html
In order to work through the EFS Backup restore issues with the error reported above. We needed to add a new policy:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "iam:CreateServiceLinkedRole",
"Resource": "*",
"Condition": {
"StringEquals": {
"iam:AWSServiceName": "elasticfilesystem.amazonaws.com"
}
}
}
]
}
And attach it to the AWSBackupDefaultServiceRole
, once that was successfully completed we were able to get the restore started and have a percentage of 11% completed thus far.
Review of all job this morning and the efs transfer is complete
Backup Restore Tests PLUS Documentation
For scholarworks instance:
Acceptance criteria: