It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Backup

How to Resolve "Unable to validate all permission with AWS" Error

  • Last updated on

Use the steps in this article to resolve the error  "Unable to validate all permissions with AWS. For assistance with this issue, please contact Barracuda Networks Technical Support." 

If you are replicating data offsite to AWS and are unable to validate AWS credentials, these steps will determine if an SCP policy is blocking the simulator. 

  1.  Log into AWS and search for "Roles" in the search bar. Under Features, click Roles - IAM feature.
    search-roles1.png
  2. Filter using the IAM Role you imported with the template, and then click the Role name link.
    filter-roles.png
  3. Scroll down and verify the Permissions policies. You should see Provides full access for S3 and EC2. If these are correct, click Simulate.
    verify-permissions.png
  4. On the top left of the IAM Policy Simulator page, change the first dropdown menu to Roles and enter the role you are searching for in the second filter box. Click on the role in the filtered results.
    change-role-filter-and-select.png
  5. Under the Policy Simulator section, change the first dropdown Select service menu to S3. Change the second dropdown Select actions menu to ListBucket.
    select-s3-list-bucket.png
  6. Click Run Simulation.
    run-simulation.png
  7. If the result comes back Permission denied, it is possible that the permissions are incorrect or there is a global SCP policy restricting the region. The simulator does not know how to filter the region so it comes back with a denied error.
    denied.png
  8. If an organizational SCP is in place, the simulator will not be able to validate permissions. However, the real API calls will work. To verify, do the following:
    1. Uncheck the AWS Organization SCPs box under the Policies section on the left-hand side. 
    2. Run the simulation again. You should now see Permission allowed. That means that the API calls will work properly when credentials are added. The API/SDK's available do not allow Barracuda Networks to uncheck this box like the web simulator, hence we are unable to validate permissions properly when SCPs restricting regions are in place. If the bug filed with AWS is fixed, we can validate permissions again with the simulator by ignoring SCPs. For more information, refer to https://github.com/aws/aws-sdk/issues/102.
    uncheck+run.png