Insufficient permissions for EDS DIRECT READ

  • 19 September 2022
  • 5 replies
  • 2 views

Badge +1

@Anthony.Hodges , I have the same issue with 11.24.7.  We have all the roles defined that was presented here and the documentation.

You said the issue was on the AWS side.  Could you elaborate on that?

 

Thanks

Chuck


5 replies

Badge +1

@ChuckC  - IAM permissions for EBS direct APIs - Amazon Elastic Compute Cloud

On the note from AWS it shares the following:
 

Important

Be cautious when assigning the following policies to IAM users. By assigning these policies, you might give access to a user who is denied access to the same resource through the Amazon EC2 APIs, such as the CopySnapshot or CreateVolume actions.

Badge +1

Hi everyone.  I opened a case with Commvault and they reviewed our roles and setup.  It seems to be ok.  They did notice that there is a fix in 11.28 concerning EBS Direct Read fails and suggested to upgrade to that.

In the meantime, the engineer identified a setting to apply to the media agent in order to skip the permissions checking of the EBS Direct Read API...bAmazonSkipDirectReadPermissionsCheck.  We set that and we are now successful at using the API. 

This is not a fix but it did get us up and using it.  it is still a small sample set but have seen some significant backup speed reduction.

We are wondering how long the snapshot stays around after the backup is complete and if we can control that.  Any Ideas?

Thanks

Chuck 

Userlevel 7
Badge +23

@ChuckC can you share the case number?  I want to split this off into its own thread so we can track it better for you.

Badge +1

Yes, MIke.  Not a problem.  220919-722.

 

Thanks

Chuck

Userlevel 7
Badge +23

Thanks!  This is the new thread (the other was already marked solved).

Reply