Update HttpPutResponseHopLimit in EC2 Metadata for IAM role in Snapshot configuration

Prerequisites

This setting applies specifically to AWS EC2 instances where backups are failing. This issue is relevant if:

  • You are using IAM roles for authentication and not Access key + Secret key
  • You are encountering issues with Amazon S3 configurations and snapshot backups failing
  • The Snapshot config shows the error "invalid store data: failed to validate instance role" on Save

Resolution

Check the current value of HttpPutResponseHopLimit:

aws ec2 describe-instances --instance-ids <instance-id> --query "Reservations[].Instances[].MetadataOptions"

HttpPutResponseHopLimit is an EC2 instance metadata setting that controls the number of network hops allowed for the PUT response. If this value is less than 2, your EC2 instance may fail to assume the IAM role it needs for authentication, which causes backups and other operations to fail.

Ensure you have the necessary permissions and the AWS CLI installed, then execute:

aws ec2 modify-instance-metadata-options --instance-id <instance-id> --http-put-response-hop-limit 2
{
    "InstanceId": "i-<instance-id>",
    "InstanceMetadataOptions": {
        "State": "pending",
        "HttpTokens": "required",
        "HttpPutResponseHopLimit": 2,
        "HttpEndpoint": "enabled"
    }
}

Validate that backup operations work after the change.
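
To apply the check above across several instances, the following added example (not part of the original article or of any product's code) parses saved `aws ec2 describe-instances` output and reports which instances with an instance role still need the hop limit raised, and which changes are still pending. The sample JSON, instance IDs and profile ARN are constructed placeholders, and the function names are hypothetical.

```python
import json

# Constructed sample in the shape of `aws ec2 describe-instances` output.
# Instance IDs and the profile ARN are placeholders, not real resources.
PROFILE = {"Arn": "arn:aws:iam::111122223333:instance-profile/example"}
SAMPLE = json.dumps({"Reservations": [{"Instances": [
    {"InstanceId": "i-EXAMPLE0001", "IamInstanceProfile": PROFILE,
     "MetadataOptions": {"State": "applied", "HttpTokens": "required",
                         "HttpPutResponseHopLimit": 1, "HttpEndpoint": "enabled"}},
    {"InstanceId": "i-EXAMPLE0002", "IamInstanceProfile": PROFILE,
     "MetadataOptions": {"State": "pending", "HttpTokens": "required",
                         "HttpPutResponseHopLimit": 2, "HttpEndpoint": "enabled"}},
    {"InstanceId": "i-EXAMPLE0003",  # no instance role: article does not apply
     "MetadataOptions": {"State": "applied", "HttpTokens": "required",
                         "HttpPutResponseHopLimit": 1, "HttpEndpoint": "enabled"}},
]}]})

MIN_HOP_LIMIT = 2  # the value this article sets


def audit(describe_json, min_hops=MIN_HOP_LIMIT):
    """Return {instance_id: verdict} for every instance in the output."""
    verdicts = {}
    for reservation in json.loads(describe_json).get("Reservations", []):
        for inst in reservation.get("Instances", []):
            opts = inst.get("MetadataOptions", {})
            if "IamInstanceProfile" not in inst:
                verdict = "skip: no instance role attached"
            elif opts.get("HttpPutResponseHopLimit", 0) < min_hops:
                verdict = "raise hop limit"
            elif opts.get("State") != "applied":
                verdict = "wait: change still pending"
            else:
                verdict = "ok"
            verdicts[inst["InstanceId"]] = verdict
    return verdicts


def remediation_commands(describe_json):
    """Build the article's modify command for each instance that needs it."""
    return [f"aws ec2 modify-instance-metadata-options --instance-id {iid} "
            f"--http-put-response-hop-limit {MIN_HOP_LIMIT}"
            for iid, verdict in audit(describe_json).items()
            if verdict == "raise hop limit"]


if __name__ == "__main__":
    for iid, verdict in audit(SAMPLE).items():
        print(iid, "->", verdict)
    print("\n".join(remediation_commands(SAMPLE)))
```

Re-run the describe command after modifying an instance and wait for "State" to change from "pending" to "applied" before validating backups.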