If you are taking advantage of one of our Additional Backup packages and would like us to place your Additional Backups in S3 you will need to create an IAM user for us.
We recommend an AWS security model based on Least Privilege Access.
The following JSON IAM Policy will grant a User the minimum required privileges to add files to an S3 location under your control.
----------------------------------------------------
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetBucketLocation",
"s3:ListBucketMultipartUploads"
],
"Resource": "arn:aws:s3:::bucketname",
"Condition": {}
},
{
"Effect": "Allow",
"Action": [
"s3:AbortMultipartUpload",
"s3:GetObject",
"s3:GetObjectAcl",
"s3:GetObjectVersion",
"s3:GetObjectVersionAcl",
"s3:PutObject",
"s3:PutObjectAcl",
"s3:PutObjectAclVersion"
],
"Resource": "arn:aws:s3:::bucketname/path/to/directory/*",
"Condition": {}
},
{
"Effect": "Allow",
"Action": "s3:ListAllMyBuckets",
"Resource": "*",
"Condition": {}
}
]
}
-------------------------------------------------
Then we will just need to know:
- The Access Key ID for the IAM User you would like us to use.
- The Secret Access Key for the IAM User you would like us to use.
- The type of Encryption you would like us to use when putting objects into S3 (None, Default, or Custom KMS).
- The Storage Class you would like us to use (Standard, Infrequent Access, etc).
- The Name of the S3 Bucket you would like us to use.
- The Path to the location in S3 you would like us to use.
- What time of the day, and what day of the week, you would like this backup to run. If you don't have any preference, that's fine.
