list_recovery_points_by_resource doesn't work with RDS ARN
Hello,
I found a bug when trying to list the recovery points of an RDS resource. The API returns: An error occurred (AccessDeniedException) when calling the ListRecoveryPointsByResource operation: Insufficient privileges to perform this action.
Tested on a Python 3.8 Lambda with boto3. The simplified code:
```python
import boto3

resourceArn = "arn:aws:rds:eu-west-1:11111111111:db:database-1"
client = boto3.client('backup')
response = client.list_recovery_points_by_resource(ResourceArn=resourceArn)
```
That works with an EC2 ARN.
I have also tested with my AWS CLI (“aws-cli/2.1.30 Python/3.8.8”). I think the CLI uses botocore instead of boto3, and the result is not the same, but I got another issue: I can run list-recovery-points-by-resource on an RDS ARN, but if I add the --max-results parameter I get a 403 too.
An error occurred (AccessDeniedException) when calling the ListRecoveryPointsByResource operation: Insufficient privileges to perform this action.
My CLI profile has Administrator access…
Thanks, Ronan
Issue Analytics
- Created 3 years ago
- Comments:19 (10 by maintainers)
Top GitHub Comments
Hi, I resolved this issue by adding `rds:describeDBClusterSnapshots` to the Lambda policy. Of course, this is not a solution. I hope this helps clarify the situation.

Hi @tcheksa62,
Glad you got it working! I did some additional testing (using the JavaScript SDK) with the `MaxResults` parameter and received the same `AccessDeniedException` when providing a value less than 20 — this appears to be an issue with backup parameter validation.

The backup team is working to fix the occurrence of the `AccessDeniedException` and I just made them aware of the issue with the validation of the `MaxResults` parameter today — I’ll provide any updates I receive along the way!
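
An added example (not code from the issue, boto3, or AWS): a pagination wrapper that applies the two observations reported in this thread, keeping `MaxResults` at 20 or above and flagging an `AccessDeniedException` on an RDS ARN with a pointer to the `rds:DescribeDBClusterSnapshots` workaround. The helper names and the hint text are hypothetical; `client` is assumed to be a boto3 `backup` client.

```python
# Added example. The threshold of 20 and the rds:DescribeDBClusterSnapshots
# hint are taken from the comments in this thread, not from AWS documentation.
MIN_PAGE_SIZE = 20  # smaller MaxResults values returned AccessDeniedException
RDS_HINT = ("AccessDeniedException for an RDS ARN: per this thread, check whether "
            "the caller has rds:DescribeDBClusterSnapshots before widening "
            "other permissions")


def error_code(exc):
    """Return the AWS error code of a botocore ClientError-like exception."""
    resp = getattr(exc, "response", None)
    return resp.get("Error", {}).get("Code") if isinstance(resp, dict) else None


def list_recovery_points(client, resource_arn, page_size=MIN_PAGE_SIZE):
    """Collect every recovery point for resource_arn, following NextToken."""
    kwargs = {"ResourceArn": resource_arn,
              "MaxResults": max(page_size, MIN_PAGE_SIZE)}  # avoid the <20 failure
    points = []
    while True:
        try:
            page = client.list_recovery_points_by_resource(**kwargs)
        except Exception as exc:
            # Attach the thread's diagnosis only to the case it describes;
            # every other error propagates unchanged.
            if error_code(exc) == "AccessDeniedException" and ":rds:" in resource_arn:
                raise PermissionError(RDS_HINT) from exc
            raise
        points.extend(page.get("RecoveryPoints", []))
        token = page.get("NextToken")
        if not token:
            return points
        kwargs["NextToken"] = token


if __name__ == "__main__":
    import boto3  # needs AWS credentials; the ARN is the one from the issue

    arn = "arn:aws:rds:eu-west-1:11111111111:db:database-1"
    for rp in list_recovery_points(boto3.client("backup"), arn):
        print(rp["RecoveryPointArn"], rp["Status"])
```

Raising a distinct `PermissionError` lets a Lambda log the specific missing action instead of prompting a broad policy grant.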