WordPress.org

Ready to get started?Download WordPress

Forums

BackWPup Free - WordPress Backup Plugin
[resolved] BackWPUp S3 Permissions issue (4 posts)

  1. fraserhardy
    Member
    Posted 5 months ago #

    I have setup BackWPUp to use my S3 bucket and have created a IAM account for that bucket with full S3 permissions. I have tested this using the the keys with 3Hub (https://itunes.apple.com/us/app/3hub/id427515976?mt=12) and the keys allow me to view, upload, remove, edit. However every time I run the backup job I get the following error:

    [18-Mar-2014 15:57:14] 5212 Files with 284.18 MB in Archive.
    [18-Mar-2014 15:57:14] 1. Trying to send backup file to S3 Service …
    [18-Mar-2014 15:57:14] ERROR: S3 Service API: Access Denied
    [18-Mar-2014 15:57:14] 2. Trying to send backup file to S3 Service …
    [18-Mar-2014 15:57:14] ERROR: S3 Service API: Access Denied
    [18-Mar-2014 15:57:14] 3. Trying to send backup file to S3 Service …
    [18-Mar-2014 15:57:14] ERROR: S3 Service API: Access Denied
    [18-Mar-2014 15:57:14] ERROR: Step aborted: too many attempts!
    [18-Mar-2014 15:57:14] ERROR: Job has ended with errors in 77 seconds. You must resolve the errors for correct execution.

    Does this plugin require additional AWS permissions as I cant find any details on this and dont really want to give permissions for anything other than the bucket I am using for backup.

    https://wordpress.org/plugins/backwpup/

  2. Daniel Hsken
    Member
    Plugin Author

    Posted 5 months ago #

    On default the Plugin will make a multipart Upload. Can you try what happends if you disable it. Is is in the S3 confuguration tab.

  3. fraserhardy
    Member
    Posted 3 months ago #

    It was still not working with multipart upload disabled. After some more debugging and looking into the S3 access logs I found the request which was failing was for fetching the Bucket Location (http://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketGETlocation.html)

    I had set all permissions for that bucket but needed to add the following to my bucket policy:

    {
       "Sid": "RequiredByS3Console",
       "Action": ["s3:GetBucketLocation"],
       "Effect": "Allow",
       "Resource": ["arn:aws:s3:::*"]
    }
  4. kylewhenderson
    Member
    Posted 3 months ago #

    In my case the fix was to specify both the bucket and the folder permissions like so:

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": "s3:*",
    "Resource": [
          "arn:aws:s3:::BUCKET_NAME",
          "arn:aws:s3:::BUCKET_NAME/*"
        ]
        }
      ]
    }

    obviously replacing BUCKET_NAME with the name of your bucket. I think it's due to the need for access to the bucket itself, along with any folder within, but I'm pretty new to S3.

Reply

You must log in to post.

About this Plugin

About this Topic

Tags

No tags yet.