Introduction
This article describes the minimal permissions on an AWS S3 bucket that are required to use the bucket as backup storage in the Xopero ONE service. The policies provided below allow you to add your own AWS S3 storage to the Xopero ONE platform, store the backup data there, and restore it if needed.
AWS access key policy
The IAM user whose access key and secret key will be used to connect to AWS S3 storage must have the following inline policy:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:ListAllMyBuckets",
      "Resource": "arn:aws:s3:::*"
    }
  ]
}
S3 bucket policy
The bucket that will be used to store the data must have the following policy assigned:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::{account}:user/backup-user"
      },
      "Action": [
        "s3:ListBucket",
        "s3:GetObject",
        "s3:PutObject",
        "s3:DeleteObject"
      ],
      "Resource": [
        "arn:aws:s3:::bucket-name",
        "arn:aws:s3:::bucket-name/*"
      ]
    }
  ]
}
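The following check is an added example, not part of the original article or of Xopero ONE. It compares a bucket policy against the template above and reports wildcard principals, extra actions, leftover placeholders and missing resources; the function name, the account ID 111122223333 and the sample policies are constructed for illustration.

```python
import json
from fnmatch import fnmatchcase

# Actions granted by the article's bucket policy.
REQUIRED = {"s3:ListBucket", "s3:GetObject", "s3:PutObject", "s3:DeleteObject"}

def as_list(value):
    """IAM accepts either a single string or a list in these fields."""
    return value if isinstance(value, list) else [value]

def audit_bucket_policy(policy_text, bucket, principal_arn):
    """Return a list of deviations from the article's bucket policy template."""
    wanted = {f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"}
    findings, granted, covered = [], set(), set()
    for stmt in as_list(json.loads(policy_text)["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        arns = as_list(principal.get("AWS", [])) if isinstance(principal, dict) else [principal]
        if any("{" in arn for arn in arns):
            findings.append("unreplaced placeholder in Principal")
        if "*" in arns:
            findings.append("Principal is a wildcard")
        elif principal_arn not in arns:
            continue  # statement is for a different principal
        actions = set(as_list(stmt.get("Action", [])))
        findings += [f"extra action: {a}" for a in sorted(actions - REQUIRED)]
        # Wildcard actions such as "s3:*" still grant the required ones.
        granted |= {r for r in REQUIRED if any(fnmatchcase(r, a) for a in actions)}
        resources = set(as_list(stmt.get("Resource", [])))
        findings += [f"unexpected resource: {r}" for r in sorted(resources - wanted)]
        covered |= resources & wanted
    findings += [f"missing resource: {r}" for r in sorted(wanted - covered)]
    findings += [f"missing action: {a}" for a in sorted(REQUIRED - granted)]
    return findings

# Constructed samples: the account ID is a made-up value, not from the article.
USER = "arn:aws:iam::111122223333:user/backup-user"
GOOD = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": {"AWS": USER},
    "Action": sorted(REQUIRED),
    "Resource": ["arn:aws:s3:::bucket-name", "arn:aws:s3:::bucket-name/*"]}]})
LOOSE = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": {"AWS": "*"},
    "Action": "s3:*", "Resource": "arn:aws:s3:::bucket-name/*"}]})

if __name__ == "__main__":
    for name, doc in (("GOOD", GOOD), ("LOOSE", LOOSE)):
        print(name, audit_bucket_policy(doc, "bucket-name", USER))
```

s3:ListBucket is evaluated against the bucket ARN, while the object actions are evaluated against the bucket-name/* ARN, which is why the check expects both resources to be present.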