Problem Description
Backups to Druva Cloud are failing with the following error:
failed to sign request: failed to retrieve credentials: failed to refresh cached credentials,
operation error STS: AssumeRole, https response error StatusCode: 403
Cause
The issue occurs because AWS Security Token Service (STS) is not enabled for the region where the backup is attempting to use EBS Direct APIs. This results in the RegionDisabledException, preventing the backup process.
Traceback
operation error EBS: ListSnapshotBlocks, failed to sign request: failed to retrieve credentials: failed to refresh cached credentials,
operation error STS: AssumeRole, https response error StatusCode: 403, RequestID: af61eff9-5b55-4419-b70b-33657e0d784f,
RegionDisabledException: STS is not activated in this region for account: 885508228202.
Your account administrator can activate STS in this region using the IAM Console.
Resolution
To resolve this issue, you need to enable STS in the AWS region where the backup to Druva cloud backup is failing. Follow these steps to activate STS:
Log in to the AWS Management Console with appropriate permissions.
Navigate to: IAM Console → Account Settings → Security Token Service (STS)
Under the Regional endpoints section, locate the region where backups are failing (e.g.,if the failed resources belong to Canada).
Enable STS for the specific region by switching its status to Activated.
Retry the Backup
Once STS is enabled, retry the backup process. The issue should be resolved if the region is now correctly configured.
Tags:
STS, BTDC backup failed, BTDC, EC2 backup failure