I'm trying to test a differential backup and restore on an RDS SQL Server 2019 instance in preparation for migrating some web resources into AWS. Both the EC2 instance (Windows Server 2019) on which I'm running SSMS and the RDS instance have roles with S3 full access using the AmazonS3FullAccess policy (it seems to me like only the RDS instance should need that, but I've been surprised too many times to believe my assumptions). The S3 bucket I'm trying to write to is the same bucket from which I restored/created the database in the first place, so I'm sure it's in the same availability zone and visible to the instance.
This is the command I'm running in the SSMS query window:
EXEC msdb.dbo.rds_backup_database
@source_db_name = 'our_database',
@s3_arn_to_backup_to = 'arn:aws:s3:::our-bucket/database_differential.bak',
@overwrite_S3_backup_file = 1,
@type = 'DIFFERENTIAL';
The task is created OK, but fails almost instantly with this message:
[2021-08-25 22:32:22.070] Task execution has started.
[2021-08-25 22:32:22.170] Aborted the task because of a task failure or an overlap with your preferred backup window for RDS automated backup.
[2021-08-25 22:32:22.173] Task has been aborted
[2021-08-25 22:32:22.177] Access Denied
The automated backup window for this instance is 08:01-08:31 so I can't see that 22:32 is conflicting with that. I've opened up the bucket to public access and, as I mentioned, granted full access roles to the participating instances. Neither SQL Server nor AWS is my wheelhouse, and all I've been able to find in an hour on Google is recommendations to check the things I've already mentioned. What else should I try?
