Prune is Failing on Wasabi with Permissions Error

lyntux · 6 June 2024 00:29

I am getting a prune failure error due to some sort of permissions issue when I back up my files to Wasabi. Here’s the sanitized output of the error message.

Running prune command from /home/username/.duplicacy-web/repositories/localhost/all
Options: [-log prune -storage computer-name -keep 0:365 -keep 7:90 -keep 1:7 -a]
2024-06-05 18:12:26.628 INFO STORAGE_SET Storage set to wasabi://us-west-1@s3.us-west-1.wasabisys.com/backup-folder/computer-name
2024-06-05 18:12:27.290 INFO RETENTION_POLICY Keep no snapshots older than 365 days
2024-06-05 18:12:27.290 INFO RETENTION_POLICY Keep 1 snapshot every 7 day(s) if older than 90 day(s)
2024-06-05 18:12:27.290 INFO RETENTION_POLICY Keep 1 snapshot every 1 day(s) if older than 7 day(s)
2024-06-05 18:12:32.312 INFO SNAPSHOT_DELETE Deleting snapshot local-home at revision 2
2024-06-05 18:12:32.336 INFO SNAPSHOT_DELETE Deleting snapshot local-home at revision 3
2024-06-05 18:12:32.355 INFO SNAPSHOT_DELETE Deleting snapshot local-home at revision 4
2024-06-05 18:12:32.374 INFO SNAPSHOT_DELETE Deleting snapshot local-home at revision 5
2024-06-05 18:12:32.395 INFO SNAPSHOT_DELETE Deleting snapshot local-home at revision 6
2024-06-05 18:12:32.414 INFO SNAPSHOT_DELETE Deleting snapshot local-home at revision 7
2024-06-05 18:12:32.433 INFO SNAPSHOT_DELETE Deleting snapshot local-home at revision 9
2024-06-05 18:12:32.453 INFO SNAPSHOT_DELETE Deleting snapshot local-home at revision 10
2024-06-05 18:12:32.472 INFO SNAPSHOT_DELETE Deleting snapshot local-home at revision 11
2024-06-05 18:12:32.490 INFO SNAPSHOT_DELETE Deleting snapshot local-home at revision 12
2024-06-05 18:12:32.507 INFO SNAPSHOT_DELETE Deleting snapshot local-home at revision 14
2024-06-05 18:12:32.528 INFO SNAPSHOT_DELETE Deleting snapshot local-home at revision 15
2024-06-05 18:12:34.838 ERROR CHUNK_DELETE Failed to fossilize the chunk 39035216fea1b2bf5f2764ea926fe30633a9772deead9f055957c765262c70b1: 403 Forbidden
Failed to fossilize the chunk 39035216fea1b2bf5f2764ea926fe30633a9772deead9f055957c765262c70b1: 403 Forbidden

Here are the permissions that the service account has for backing up files:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:DeleteObject",
        "s3:DeleteObjectVersion",
        "s3:GetObject",
        "s3:GetObjectAcl",
        "s3:GetObjectVersion",
        "s3:PutObject",
        "s3:PutObjectAcl"
      ],
      "Resource": "arn:aws:s3:::backup-folder/*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetBucketLocation",
        "s3:ListBucket"
      ],
      "Resource": "arn:aws:s3:::backup-folder"
    }
  ]
}

Like I said, I’m backing up to Wasabi. I know there are some differences between AWS S3 and Wasabi and I have verified that I have this configured as a Wasabi backup directory and I’m NOT using S3.

What permissions do I need to apply to my service account to avoid these fossilization errors?