K10 can leverage the object-locking capability available in object stores to make backups immutable. This guard against catastrophic disaster scenarios such as ransomware attacks and allows recovering the backups in those situations.
This article helps to debug the error message with the access denied error for the immutable bucket.
Problem description
K10 is unable to monitor or refresh the retention period of the data in the S3 bucket. K10 will not be able to calculate the lock duration based on your retention setting because of this issue.
This will show up constantly as an error message in the K10 notification bar.
error: can't connect to storage: could not get determine
if bucket '' supports versioning: Access Denied
Resolution:
The above error message is seen when the IAM role attached to the S3 bucket doesn't have s3:GetBucketVersioning permissions.
The documentation has the list of required permissions for S3 as well as the additional permissions required for the creation and maintenance of immutable backups.
#below is the list of additional permissions required for immutable backups
s3:ListBucketVersions
s3:GetObjectRetention
s3:PutObjectRetention
s3:GetBucketObjectLockConfiguration
s3:GetBucketVersioning
s3:GetObjectVersion
s3:DeleteObjectVersion