Follow

Cloud Storage (Amazon S3) IAM Permissions

When creating a Cloud Storage Server in NetBackup, AWS Keys are required. As many organizations are putting forth great effort to keep their environments secure, you may need to know the minimum AWS IAM Policy Permissions required for NetBackup access to Amazon S3 Storage.

 

The Following Permissions are required:

s3:CreateBucket
s3:ListAllMyBuckets
s3:ListBucket
s3:GetBucketLocation
s3:GetObject
s3:PutObject
s3:DeleteObject

 

 

Working Example:


{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "NBUMinimumPermissions",
            "Effect": "Allow",
            "Action": [
		s3:CreateBucket,
		s3:ListAllMyBuckets,
		s3:ListBucket,
		s3:GetBucketLocation,
		s3:GetObject,
		s3:PutObject,
		s3:DeleteObject
            ],
            "Resource": [
                "*"
            ]
        }
    ]
}

 

It is also possible to limit the AWS IAM User to one or more buckets. Keep in mind that while NetBackup has the ability to create new S3 Buckets, it will not be able to access these buckets unless they are explicitly added to the IAM Policy.

 

Working Example (Restricted to one or more S3 Buckets):

 

 


{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "NBUMinimumPermissions",
            "Effect": "Allow",
            "Action": [
                s3:ListBucket,
                s3:GetBucketLocation,
                s3:GetObject,
                s3:PutObject,
                s3:DeleteObject
            ],
            "Resource": [
                "arn:aws:s3:::bucket-name",
                "arn:aws:s3:::bucket-name/*",
                "arn:aws:s3:::bucket-name-2",
                "arn:aws:s3:::bucket-name-2/*",
                "arn:aws:s3:::bucket-name-3",
                "arn:aws:s3:::bucket-name-3/*",
            ]
        },
        {
            "Sid": "ListAllBuckets",
            "Effect": "Allow",
            "Action": [
                "s3:ListAllMyBuckets",
                "s3:CreateBucket"				
            ],
            "Resource": [
                "*"
            ]
        }
    ]
}
Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.
Powered by Zendesk