Troubleshooting Batch Operations
The following topics list common errors to help you troubleshoot issues that you might encounter while working with Amazon S3 Batch Operations.
To troubleshoot issues with S3 Batch Replication, see Batch Replication errors.
Common Errors
Job report isn't delivered when there is a permissions issue or an S3 Object Lock retention mode is enabled
The following error occurs if required permissions are missing or an Object Lock retention mode (either governance mode or compliance mode) is enabled on the destination bucket.
Error: Reasons for failure. The job report could not be written to your report bucket. Please check your permissions.
The AWS Identity and Access Management (IAM) role and trust policy must be configured to allow Batch Operations the s3:PutObject permission to PUT objects in the bucket where the report will be delivered. If these required permissions are missing, a job report delivery failure occurs.
When a retention mode is enabled, the bucket is write-once-read-many (WORM) protected. Object Lock with retention mode enabled on the destination bucket is not supported, so job completion report delivery attempts fail. To fix this problem, choose a destination bucket for your job completion reports that doesn't have an Object Lock retention mode enabled.
Batch Operations failing objects with the error 400 InvalidRequest: Task failed due to missing VersionId
The following example error occurs if a Batch Operations job is performing actions on objects in a versioned bucket and encounters an object in the manifest with an empty version ID field.
Error: bucket_name,prefix/file_name,failed,400,InvalidRequest,Task failed due to missing VersionId
This error occurs because the version ID field in the manifest is an empty string, instead of the literal null string.
Batch Operations will fail for that particular object or objects, but not the entire job. This problem occurs if the manifest format is configured to use version IDs during the operation. Non-versioned jobs don't encounter this issue because they operate only on the most recent version of each object and ignore the version IDs in the manifest.
To fix this problem, convert the empty version IDs to null strings. For more information, see Converting empty version ID strings in Amazon S3 Inventory reports to null strings.
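One way to apply this fix to a CSV manifest before creating the job, shown as an added example that is not AWS code. It assumes a three-column manifest (bucket, key, version ID); the function name normalize_manifest, the sample rows and the sample version ID are constructed for illustration.

```python
import csv
import io


def normalize_manifest(manifest_csv):
    """Rewrite empty version ID fields as the literal string "null".

    Returns (fixed_csv, converted_count, malformed_line_numbers).
    Assumes a three-column manifest: bucket, key, version ID.
    """
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    converted = 0
    malformed = []
    for line_no, row in enumerate(csv.reader(io.StringIO(manifest_csv)), start=1):
        if not row:
            continue  # blank line, nothing to write
        if len(row) != 3 or not row[0] or not row[1]:
            # Wrong column count or missing bucket/key: leave out of the
            # output and report the line so it can be reviewed by hand.
            malformed.append(line_no)
            continue
        bucket, key, version_id = row
        if version_id.strip() == "":
            version_id = "null"  # what a versioned job expects instead of ""
            converted += 1
        # Keys are written back exactly as read (inventory keys stay URL-encoded).
        writer.writerow([bucket, key, version_id])
    return out.getvalue(), converted, malformed


# Constructed sample manifest: one valid row, two rows with empty version IDs
# (one of them fully quoted, as inventory reports are), one two-column row.
SAMPLE_MANIFEST = (
    "amzn-s3-demo-bucket,photos/cat.jpg,3HL4kqtJvjVBH40Nrjfkd\n"
    "amzn-s3-demo-bucket,photos/dog.jpg,\n"
    '"amzn-s3-demo-bucket","reports/a%2Cb.csv",""\n'
    "amzn-s3-demo-bucket,logs/app.log\n"
)

if __name__ == "__main__":
    fixed, converted, malformed = normalize_manifest(SAMPLE_MANIFEST)
    print(fixed, end="")
    print(f"converted={converted} malformed_lines={malformed}")
```

Rows reported as malformed are not written to the output, so review them before uploading the corrected manifest.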
Create job failure with job tag option enabled
Without the s3:PutJobTagging permission, creating Batch Operations jobs with the job tag option enabled causes 403 access denied errors.
To create Batch Operations jobs with the job tag option enabled, the AWS Identity and Access Management (IAM) user that's creating the Batch Operations job must have the s3:PutJobTagging permission in addition to the s3:CreateJob permission.
For more information about the permissions required for Batch Operations, see Granting permissions for Batch Operations.
Access Denied to read the manifest
If Batch Operations can't read the manifest file when you attempt to create a Batch Operations job, the following errors can occur.
AWS CLI
Reason for failure Reading the manifest is forbidden: AccessDenied
Amazon S3 console
Warning: Unable to get the manifest object's ETag. Specify a different object to continue.
To solve this problem, do the following:
- Verify that the IAM role for the AWS account that you used to create the Batch Operations job has the s3:GetObject permission. The account's IAM role must have the s3:GetObject permission to allow Batch Operations to read the manifest file. For more information about the permissions required for Batch Operations, see Granting permissions for Batch Operations.
- Check the manifest objects' metadata for any access mismatches with S3 Object Ownership. For more information about S3 Object Ownership, see Controlling ownership of objects and disabling ACLs for your bucket.
- Check whether AWS Key Management Service (AWS KMS) keys are used to encrypt the manifest file. Batch Operations supports CSV inventory reports that are AWS KMS-encrypted. However, Batch Operations doesn't support CSV manifest files that are AWS KMS-encrypted. For more information, see Configuring Amazon S3 Inventory and Specifying a manifest.