Common errors for journal export - Amazon Quantum Ledger Database (Amazon QLDB)

Common errors for journal export

This section describes runtime errors that are thrown by Amazon QLDB for journal export requests.

The following is a list of common exceptions returned by the service. Each exception includes the specific error message, followed by a short description and suggestions for possible solutions.


Message: User: userARN is not authorized to perform: iam:PassRole on resource: roleARN

You don't have permissions to pass an IAM role to the QLDB service. QLDB requires a role for all journal export requests, and you must have permissions to pass this role to QLDB. The role provides QLDB with write permissions in your specified Amazon S3 bucket.

Verify that you define an IAM policy that grants permission to perform the PassRole API operation on your specified IAM role resource for the QLDB service ( For a policy example, see Identity-based policy examples for Amazon QLDB.


Message: QLDB encountered an error validating S3 configuration: errorCode errorMessage

A possible cause for this error is that the provided Amazon S3 bucket doesn't exist in Amazon S3. Or, QLDB doesn't have enough permissions to write objects into your specified Amazon S3 bucket.

Verify that the S3 bucket name that you provide in your export job request is correct. For more information about bucket naming, see Bucket restrictions and limitations in the Amazon Simple Storage Service User Guide.

Also, verify that you define a policy for your specified bucket that grants PutObject and PutObjectAcl permissions to the QLDB service ( To learn more, see Export permissions.


Message: Unexpected response from Amazon S3 while validating the S3 configuration. Response from S3: errorCode errorMessage

The attempt to write journal export data into the provided S3 bucket failed with the provided Amazon S3 error response. For more information about possible causes, see Troubleshooting Amazon S3 in the Amazon Simple Storage Service User Guide.


Message: Amazon S3 bucket prefix must not exceed 128 characters

The prefix provided in the journal export request contains more than 128 characters.


Message: Start date must not be greater than end date

Both InclusiveStartTime and ExclusiveEndTime must be in ISO 8601 date and time format and in Coordinated Universal Time (UTC).


Message: End date cannot be in the future

Both InclusiveStartTime and ExclusiveEndTime must be in ISO 8601 date and time format and in UTC.


Message: The supplied object encryption setting (S3EncryptionConfiguration) is not compatible with an AWS Key Management Service (AWS KMS) key

You provided a KMSKeyArn with an ObjectEncryptionType of either NO_ENCRYPTION or SSE_S3. You can only provide a customer managed AWS KMS key for an object encryption type of SSE_KMS. To learn more about server-side encryption options in Amazon S3, see Protecting data using server-side encryption in the Amazon S3 Developer Guide.


Message: Exceeded the limit of 2 concurrently running Journal export jobs

QLDB enforces a default limit of two concurrent journal export jobs.