Using object storage as a backup target
Post Reply
tpx
Novice
Posts: 7
Liked: 2 times
Joined: Mar 08, 2020 9:26 am
Contact:

AWS S3 Immutability (Object Lock) error

Post by tpx » 1 person likes this post

I was receiving the following error when selecting the Make recent backups immutable checkbox:
"Failed to enable backup immutability: the selected object storage does not support S3 Object Lock feature"

I found the solution in Veeam's documentation:
https://helpcenter.veeam.com/docs/backu ... ml?ver=100

When enabling Object Lock on an S3 bucket, use the None option for the object lock configuration mode. Otherwise, you will not be able to register the bucket with Veeam Backup & Replication. Note that Veeam Backup & Replication will automatically use Compliance object lock mode for each uploaded object.

I had previously selected 'Compliance mode' on the S3 bucket when enabling Object Lock.

It's working now after I changed it to the None option.

dalbertson
Veeam Software
Posts: 486
Liked: 168 times
Joined: Jul 21, 2015 12:38 pm
Full Name: Dustin Albertson
Contact:

Re: AWS S3 Immutability (Object Lock) error

Post by dalbertson »

I will perform some testing in my lab. But there are two ways to create a bucket with object lock. One way is doing it while you are creating the bucket by enabling versioning and then adding the checkbox for object lock. The second way is after the bucket is created and going to the properties page. I am thinking that the issue appears when the second way is being selected.
Dustin Albertson | Manager - Cloud & Applications | Veeam Product Management, Alliances

robert.vonmehren
Veeam Software
Posts: 68
Liked: 5 times
Joined: Nov 07, 2018 3:44 pm
Contact:

Re: AWS S3 Immutability (Object Lock) error

Post by robert.vonmehren »

Just to add - I am seeing the same issue with a customer.

Versioning and object lock were enabled and set to compliance mode - this resulted in an error that object lock was not supported for this bucket

We tried with a new bucket with object lock set to "none" and resulted in the same error. Will post support case # when opened

amarsaudon
Lurker
Posts: 2
Liked: never
Joined: Mar 10, 2020 5:05 pm
Full Name: Alex Marsaudon
Contact:

Re: AWS S3 Immutability (Object Lock) error

Post by amarsaudon »

Did you ever get this sorted? Experiencing the same thing, figured I'd ask before opening a ticket.

dalbertson
Veeam Software
Posts: 486
Liked: 168 times
Joined: Jul 21, 2015 12:38 pm
Full Name: Dustin Albertson
Contact:

Re: AWS S3 Immutability (Object Lock) error

Post by dalbertson » 3 people like this post

https://helpcenter.veeam.com/docs/backu ... ml?ver=100

When enabling Object Lock on an S3 bucket, use the None option for the object lock configuration mode. Otherwise, you will not be able to register the bucket with Veeam Backup & Replication. Note that Veeam Backup & Replication will automatically use Compliance object lock mode for each uploaded object.
Dustin Albertson | Manager - Cloud & Applications | Veeam Product Management, Alliances

mrt
Enthusiast
Posts: 51
Liked: 2 times
Joined: Feb 10, 2011 7:27 pm
Contact:

Re: AWS S3 Immutability (Object Lock) error

Post by mrt »

When enabling Object Lock on an S3 bucket, use the None option for the object lock configuration mode.
Struggling with this error. Did AWS change the wording on the bucket creation form? When I create a bucket and enable Object Lock, I'm given no options at all to set "configuration mode" nor is that setting available after bucket creation. Thanks

gareauk
Lurker
Posts: 1
Liked: 1 time
Joined: Dec 09, 2021 7:19 pm
Full Name: Kelly Gareau
Contact:

Re: AWS S3 Immutability (Object Lock) error

Post by gareauk » 1 person likes this post

I had the same issue, after speaking with our Veeam rep, we found out the Veeam IAM user was missing some permissions. The error went away once we corrected the permissions.

https://helpcenter.veeam.com/docs/backu ... ml?ver=110

Andreas Neufert
VP, Product Management
Posts: 5939
Liked: 1235 times
Joined: May 04, 2011 8:36 am
Full Name: Andreas Neufert
Location: Germany
Contact:

Re: AWS S3 Immutability (Object Lock) error

Post by Andreas Neufert »

Thanks for sharing this Kelly

MrC
Lurker
Posts: 1
Liked: never
Joined: Oct 18, 2013 2:44 pm
Full Name: Chris Currell
Contact:

Re: AWS S3 Immutability (Object Lock) error

Post by MrC »

Case #05422675 — Issues adding S3 repository

This subject is very confusing and mostly due to the poor and contradictory documentation provided by Veeam.

This article lists different IAM permissions then the one Kelly linked above.
https://www.veeam.com/kb3151

Which is correct? When you try and paste the JSON code from the article Kelly shared you cant even browse the bucket.

When I use the below JSON code I can see the bucket but not the folder I created.


{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"s3:GetObjectRetention",
"s3:DeleteObjectVersion",
"s3:ListBucketVersions",
"s3:ListBucket",
"s3:PutObjectLegalHold",
"s3:GetBucketVersioning",
"s3:GetObjectLegalHold",
"s3:GetBucketObjectLockConfiguration",
"s3:PutObject",
"s3:GetObject",
"s3:PutObjectRetention",
"s3:DeleteObject",
"s3:GetBucketLocation",
"s3:GetObjectVersion"
],
"Resource": [
"arn:aws:s3:::bucket-name",
"arn:aws:s3:::bucket-name/*"
]
},
{
"Sid": "VisualEditor1",
"Effect": "Allow",
"Action": [
"s3:ListAllMyBuckets",
"s3:ListBucket"
],
"Resource": "*"
}
]
}

Something that seems so simple and easy has so many articles that contradict each other.

So you create the bucket with:
- Bucket Versioning Enabled
- Block all public access enabled (on)
- Object lock enabled
- default retention disabled

Are suppose to use Bucket Policies and if so what are the permissions?

HannesK
Veeam Software
Posts: 11005
Liked: 2089 times
Joined: Sep 01, 2014 11:46 am
Full Name: Hannes Kasparick
Location: Austria
Contact:

Re: AWS S3 Immutability (Object Lock) error

Post by HannesK »

Hello,
and welcome to the forums.
Something that seems so simple and easy
when I started with AWS, that IAM part was relatively difficult for me to understand :-)
so many articles that contradict each other.
just to confirm: Is that statement about the two documents (helpcenter and KB article), or more? The reason for the two is, that "experts" prefer the "pure information" and people like me (who deal with AWS only from time to time) prefer more "hand on" (the KB article).
So you create the bucket with:
- Bucket Versioning Enabled
- Block all public access enabled (on)
- Object lock enabled
- default retention disabled
correct

Best regards,
Hannes

Post Reply

Who is online

Users browsing this forum: No registered users and 2 guests