Skip to main content

Hello community!

Can you please help me with following error during AWS EC2 instance backup?

******\vol-0e21d18c73625cd7a Failed Volumes with market-place product code are filtered
 

I couldn't find anything relevant in documentation.

Thanks !

Hello @Nikos.Kyrm,

 

This is a limitation on the AWS side as a ec2 instance needs to be powered off when attaching volumes using market place.

The solution to your problem is to enable EBS DIRECT API for backup copies.

The flow then becomes: create ec2 snapshot, backup copy from EBS DIRECT API (https endpoint), which completely bypasses the problem you describe.

 

Using EBS DIRECT API should also be faster and less error prone than the current process of creating a volume and attaching it to a ec2 vsa instance (hot-add mode is similar to this process).

 

EBS DIRECT API should work since 11.20 release of Commvault software, but does require IAM policy update.


Regards,

Mike

Hello @mikevg  and thanks for your reply!

So, I assume this is the policy → iam:SimulatePrincipalPolicy
https://documentation.commvault.com/v11/essential/101442_requirements_and_usage_for_aws_iam_policies_and_permissions.html

 

This is a custom IAM policy, right? Do you have the permissions from a documentation in order to create it?


Thank you again,
Nikos

Hello @Nikos.Kyrm,

 

You should really just use the restricted json provided by Commvault:

https://documentation.commvault.com/2023e/essential/assets/products/vs_amazon/templates/amazon_restricted_role_permissions.json

 

There are multiple stuff in there for the EBS endpoint, but these are important:

            "ebs:CompleteSnapshot",            "ebs:GetSnapshotBlock",            "ebs:PutSnapshotBlock",            "ebs:StartSnapshot",            "ebs:ListChangedBlocks",            "ebs:ListSnapshotBlocks"

 

Regards,

Mike

@mikevg  Thanks for your reply.

I see that IAM Role, of the Account we want EC2 instance backup, already had the following permissions.

 

 


Any idea, maybe need additional permissions?

The warning from Commvault is the following:
There were r1] warnings while backing up virtual machine nawmserver]. ]Backup could not use Amazon EBS direct due to insufficient permissions.].

 

Thanks once again,
Nikos

Hello @Nikos.Kyrm,

 

I suspect there is a Service Control Policy blocking this and if you look at the logs you will see a “explicit deny”. Talk to your AWS Admin that controls the AWS accounts / Control Tower to check the SCP :)

 

Regards,

Mike

Hey @mikevg

So, in my case the problem seems to was the IntelliSnap option, that was accidentally disabled in VM group configuration!

Finally, I have completed ec2-instance backup jobs through snap copy, and then copy-to-disk copy job completes with warnings about Failed Volumes.

Thank you a lot!

Reply


Terms & ConditionsCookie settings