Failure messages Troubleshooting PostgreSQL permissions errors

Troubleshooting DB cluster exports

Use the following sections to help troubleshoot failure messages and PostgreSQL permission errors for DB cluster export tasks to Amazon S3.

Failure messages for Amazon S3 export tasks

The following table describes the messages that are returned when Amazon S3 export tasks fail.

Failure message	Description
`Failed to find or access the source DB cluster: [cluster name]`	The source DB cluster can't be cloned.
`An unknown internal error occurred.`	The task has failed because of an unknown error, exception, or failure.
`An unknown internal error occurred writing the export task's metadata to the S3 bucket [bucket name].`	The task has failed because of an unknown error, exception, or failure.
`The RDS export failed to write the export task's metadata because it can't assume the IAM role [role ARN].`	The export task assumes your IAM role to validate whether it is allowed to write metadata to your S3 bucket. If the task can't assume your IAM role, it fails.
`The RDS export failed to write the export task's metadata to the S3 bucket [bucket name] using the IAM role [role ARN] with the KMS key [key ID]. Error code: [error code]`	One or more permissions are missing, so the export task can't access the S3 bucket. This failure message is raised when receiving one of the following error codes: `AWSSecurityTokenServiceException` with the error code `AccessDenied` `AmazonS3Exception` with the error code `NoSuchBucket`, `AccessDenied`, `KMS.KMSInvalidStateException`, `403 Forbidden`, or `KMS.DisabledException` These error codes indicate that settings are misconfigured for the IAM role, S3 bucket, or KMS key.
`The IAM role [role ARN] isn't authorized to call [S3 action] on the S3 bucket [bucket name]. Review your permissions and retry the export.`	The IAM policy is misconfigured. Permission for the specific S3 action on the S3 bucket is missing, which causes the export task to fail.
`KMS key check failed. Check the credentials on your KMS key and try again.`	The KMS key credential check failed.
`S3 credential check failed. Check the permissions on your S3 bucket and IAM policy.`	The S3 credential check failed.
`The S3 bucket [bucket name] isn't valid. Either it isn't located in the current AWS Region or it doesn't exist. Review your S3 bucket name and retry the export.`	The S3 bucket is invalid.
`The S3 bucket [bucket name] isn't located in the current AWS Region. Review your S3 bucket name and retry the export.`	The S3 bucket is in the wrong AWS Region.

Troubleshooting PostgreSQL permissions errors

When exporting PostgreSQL databases to Amazon S3, you might see a PERMISSIONS_DO_NOT_EXIST error stating that certain tables were skipped. This error usually occurs when the superuser, which you specified when creating the DB cluster, doesn't have permissions to access those tables.

To fix this error, run the following command:


GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA schema_name TO superuser_name

For more information on superuser privileges, see Master user account privileges.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Canceling a DB cluster export

Exporting DB cluster snapshot data to Amazon S3