Introduction

This article describes minimal permissions for the Amazon AWS S3 bucket required to use the bucket as backup storage in the Xopero ONE service. The policies provided below allow you to add your own AWS S3 storage to the Xopero ONE platform, store the backup data there and restore if needed.

AWS access key policy

IAM user whose access/secret key will be used to connect with AWS S3 storage must've following inline policy:

{
     "Version": "2012-10-17",
     "Statement": [
          {
               "Effect": "Allow",
               "Action": "s3:ListAllMyBuckets",
               "Resource": "arn:aws:s3:::*"
          }
     ]
}

S3 bucket policy

The bucket that will be used to store the data must've assigned following policy:

{
     "Version": "2012-10-17",
     "Statement": [
          {
               "Effect": "Allow",
               "Principal": {
                    "AWS": "arn:aws:iam::{account}:user/backup-user"
          },
               "Action": [
                    "s3:ListBucket",
                    "s3:GetObject",
                    "s3:PutObject",
                    "s3:DeleteObject"
               ],
               "Resource": [
                    "arn:aws:s3:::bucket-name",
                    "arn:aws:s3:::bucket-name/*"
               ]
          }
     ]
}

Articles in this section

What are the minimal permissions required to use Amazon AWS S3 storage?

In this article:

Introduction

AWS access key policy

S3 bucket policy