All Products
Search
Document Center

Object Storage Service:0031-00000301

Last Updated:Oct 17, 2024

Problem description

When you replicate data across accounts, the Key Management Service (KMS) key used in the destination region does not grant the GenerateDataKey permission to the role that you authorize OSS to use to replicate data by using a key policy, or the KMS key in the data replication rule does not exist.

Causes

You have initiated a cross-account PutBucketReplication request, but the KMS key used in the destination region does not grant the GenerateDataKey permission to the role that you authorize OSS to use to replicate data by using a key policy, or the KMS key in the data replication rule does not exist.

Solutions

Check whether the value of the ReplicaKmsKeyID parameter in the cross-account PutBucketReplication request is valid. If the value is valid, configure a key policy for a cross-account user.

References

PutBucketReplication