S3 Offsite Backup does everything but upload

I’m using OttoFMS 4.10.4 and FMS 21.0.1 on a Windows Server.
In OttoFMS I setup an AWS Offsite location.
I setup a Schedule with the zip option (I have also tried with it off).
In the OttoFMS Settings I pressed the Run Now.
It told FMS to run the backup.
OttoFMS then Zipped the files.
It then stops. Nothing goes to AWS.
Here are the logs:


2025-04-30 16:11:03.970 +1000	Information	146	FMFile1	Schedule "OTTO_BACKUP" run now by "admin".
2025-04-30 16:11:03.992 +1000	Information	774	FMFile1	Starting to back up 3 database(s) to folder "filewin:/C:/Program Files/FileMaker/FileMaker Server/Data/Backups/OttoFMS/offsite/OTTO_BACKUP/OTTO_BACKUP_2025-04-30_1611_InProgress/".
2025-04-30 16:11:05.678 +1000	Information	458	FMFile1	Starting to back up database "FMFile1", current status: Normal
2025-04-30 16:11:32.832 +1000	Information	769	FMFile1	Backup attempting to pause up to 3 database(s)...
2025-04-30 16:11:32.949 +1000	Information	758	FMFile1	Backup of "Data1" skipped because no changes were made since last backup; created hard link to last backup file "filewin:/C:/Program Files/FileMaker/FileMaker Server/Data/Backups/OttoFMS/offsite/OTTO_BACKUP/OTTO_BACKUP_2025-04-30_1601/Databases/Data1.fmp12".
2025-04-30 16:11:32.949 +1000	Information	758	FMFile1	Backup of "Data2" skipped because no changes were made since last backup; created hard link to last backup file "filewin:/C:/Program Files/FileMaker/FileMaker Server/Data/Backups/OttoFMS/offsite/OTTO_BACKUP/OTTO_BACKUP_2025-04-30_1601/Databases/Data2.fmp12".
2025-04-30 16:11:32.950 +1000	Information	460	FMFile1	Backup of "FMFile1" completed, current status: Normal
2025-04-30 16:11:34.833 +1000	Information	682	FMFile1	Deleted backup folder "filewin:/C:/Program Files/FileMaker/FileMaker Server/Data/Backups/OttoFMS/offsite/OTTO_BACKUP/OTTO_BACKUP_2025-04-30_1601/".
2025-04-30 16:11:34.846 +1000	Information	150	FMFile1	Schedule "OTTO_BACKUP" completed.

Hey Andrew,

Could you send me the OttoFMS logs for the same time period?

-Kyle

Hey Andrew,

thanks for sending over your logs. Does the account you’re using for this S3 location have all of the following permissions:

  • ListBucket
  • DeleteObject
  • GetObject
  • PutObject
  • PutObjectACL
  • CreateBucket
    It looks like in your logs it is missing the “ListBucket” permission which would cause backups to fail. OttoFMS does a check to see if the files it is sending up are already on the bucket, which requires the ListBucket permission.

I’ll add this list to the OttoFMS docs to make this more clear.

-Kyle

Kyle the user has access to this Policy:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "s3:ListAllMyBuckets",
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": "s3:ListBucket",
            "Resource": [
                "arn:aws:s3:::backups-bucket-name",
                "arn:aws:s3:::other-bucket-name"
            ]
        }
    ]
}

If ListBucket is mandatory for uploading then how does that relate to being able to create Offsite Locations and the Bucket option, ‘Only used for testing connection if OttoFMS cannot list buckets.’? I first couldn’t get round this so I added the extra options to the policy and didn’t need to specify a bucket in the Offsite Location setup.

Hey Andrew,

That is the difference between the ListBuckets and ListBucket permissions. To do the actual copy of files up, it needs the ListBucket permission, the ListBuckets permission is optional and make things work a bit better.

In your otto-info.log its pretty clearly stating that the issue is the lack of the ListBucket permission, is it set up for the proper buckets?

-Kyle

Kyle,
Do you have a step by step example of how to setup the IAM User/Profile that I’m gathering is the issue.

Hey Andrew,

We don’t have a guide for setting up the IAM User/Profile as it changes based on which S3 provider you’re using. Whichever S3 host you’re using should have some documentation on setting up the permissions. The OttoFMS logs will also tell you what the specific error is so that you can track down the permissions. Essentially, OttoFMS just needs to be able to read the bucket as well as get, put, and delete objects from it.

If you don’t have the “Create Bucket” permission it will fail as OttoFMS does a pre-check to see if the bucket exists when it sends offsites. This pre-check is being removed in the next version so that you will not need to include that permission.

-Kyle