DataStax Help Center

OpsCenter backups with Amazon S3 server-side encryption fails with "AWS error HTTP/1.1 failed with code 400"


This article discusses a known issue with OpsCenter backups to Amazon S3 buckets with S3 server-side encryption enabled.


When attempting to backup SSTables to AWS S3, the backup fails for some tables. Below is a sample warning entry from a node's agent.log running OpsCenter agent 5.2.4:

WARN [async-dispatch-4] 2016-03-01 16:19:57,182 Transfer failed, \
retrying \
request PUT \
HTTP/1.1 failed with code 400, \
error: AWSError{requestId='...', requestToken='...', code='InvalidArgument', \
message='x-amz-server-side-encryption header is not supported for this operation.',\
context='{ArgumentValue=AES256, ArgumentName=x-amz-server-side-encryption, HostId=...=}'}


When using the OpsCenter to backup sstables to S3 with server-side encryption enabled, the x-amz-server-side-encryption header is added to the S3 PUT request to upload a file.

For large sstables which are broken up into multiple parts, the x-amz-server-side-encryption header is added to all succeeding parts of the upload incorrectly when it should only be added to the initial upload request to S3. Since the x-amz-server-side-encryption header is not expected after the initial upload request, the upload of the remaining parts of the file are rejected by S3.

This issue is logged internally as OPSC-7247.


Disable S3 server-side encryptions in OpsCenter to allow files to be saved to S3 buckets if using OpsCenter version 5.2.x.


OPSC-7247 was resolved in OpsCenter 6.0.0. Please upgrade to the latest version of OpsCenter to take advantage of the fix.

See also

DataStax doc - OpsCenter enable server-side S3 encryption

Was this article helpful?
1 out of 1 found this helpful
Have more questions? Submit a request


Powered by Zendesk