How to securely configure AWS S3
The following bucket policy is an example permission configuration for access to AWS S3. Fill in these placeholders:
{{BUTCKET-NAME}} → The name of the bucket where you want the backup files to be uploaded.
{{ARN-NUMBER}} → Identifier of the user who owns the Access Key ID and the Secret Access Key.
{{USER-NAME}} → The user who owns the Access Key ID and the Secret Access Key. It is usually an email.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "deny-public-create-delete-objects",
      "Effect": "Deny",
      "Principal": {
        "AWS": "*"
      },
      "Action": [
        "s3:DeleteObject",
        "s3:PutObject"
      ],
      "Resource": "arn:aws:s3:::{{BUTCKET-NAME}}/*",
      "Condition": {
        "ForAnyValue:ArnNotEquals": {
          "aws:PrincipalArn": [
            "arn:aws:iam::{{ARN-NUMBER}}:user/{{USER-NAME}}"
          ]
        }
      }
    },
    {
      "Sid": "deny-public-bucket-access",
      "Effect": "Deny",
      "Principal": {
        "AWS": "*"
      },
      "Action": "s3:ListBucket",
      "Resource": "arn:aws:s3:::{{BUTCKET-NAME}}",
      "Condition": {
        "ForAnyValue:ArnNotEquals": {
          "aws:PrincipalArn": [
            "arn:aws:iam::{{ARN-NUMBER}}:user/{{USER-NAME}}"
          ]
        }
      }
    },
    {
      "Sid": "allow-public-get-objects",
      "Effect": "Allow",
      "Principal": {
        "AWS": "*"
      },
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::{{BUTCKET-NAME}}/*"
    }
  ]
}
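To see what these three statements permit before attaching them to a bucket, the Python sketch below (an added example, not code from the plugin or the original page) evaluates the policy for a given caller, action and resource. The bucket name, account ID and user names are constructed sample values, the function names are hypothetical, and only the one condition operator this policy uses is modelled.

```python
from fnmatch import fnmatchcase

# Constructed sample values standing in for the page's placeholders.
BUCKET = "example-backups"
OWNER = "arn:aws:iam::111122223333:user/backup@example.com"
OTHER = "arn:aws:iam::111122223333:user/someone-else"

def build_policy(bucket, owner_arn):
    """The page's three statements with the placeholders filled in."""
    not_owner = {"ForAnyValue:ArnNotEquals": {"aws:PrincipalArn": [owner_arn]}}
    base = {"Principal": {"AWS": "*"}}  # every statement targets all principals
    return {"Version": "2012-10-17", "Statement": [
        {**base, "Sid": "deny-public-create-delete-objects", "Effect": "Deny",
         "Action": ["s3:DeleteObject", "s3:PutObject"],
         "Resource": f"arn:aws:s3:::{bucket}/*", "Condition": not_owner},
        {**base, "Sid": "deny-public-bucket-access", "Effect": "Deny",
         "Action": "s3:ListBucket",
         "Resource": f"arn:aws:s3:::{bucket}", "Condition": not_owner},
        {**base, "Sid": "allow-public-get-objects", "Effect": "Allow",
         "Action": "s3:GetObject", "Resource": f"arn:aws:s3:::{bucket}/*"},
    ]}

def _listify(value):
    return value if isinstance(value, list) else [value]

def _condition_true(condition, principal_arn):
    """Evaluate the only operator this policy uses; principal_arn=None is anonymous."""
    for operator, keys in condition.items():
        if operator != "ForAnyValue:ArnNotEquals" or list(keys) != ["aws:PrincipalArn"]:
            raise ValueError(f"operator not modelled: {operator}")
        if principal_arn is None:
            return False  # key absent from the request: ForAnyValue yields false
        if any(fnmatchcase(principal_arn, p) for p in _listify(keys["aws:PrincipalArn"])):
            return False  # caller is a listed ARN, so "not equals" fails
    return True  # no condition, or the caller is not a listed ARN

def evaluate(policy, principal_arn, action, resource):
    """Return 'explicit-deny', 'allow' or 'no-match' for the bucket policy alone."""
    allowed = False
    for st in policy["Statement"]:
        if action not in _listify(st["Action"]):
            continue
        if not any(fnmatchcase(resource, r) for r in _listify(st["Resource"])):
            continue
        if not _condition_true(st.get("Condition", {}), principal_arn):
            continue
        if st["Effect"] == "Deny":
            return "explicit-deny"  # an explicit Deny always wins
        allowed = True
    return "allow" if allowed else "no-match"
```

A "no-match" result for the owner's PutObject or ListBucket means this policy only refrains from denying the request, so the permission itself has to come from elsewhere, such as that user's IAM policy. The "allow" result for GetObject holds for every caller, including anonymous ones, so any object in the bucket can be read by anyone who knows its key.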
Once you have configured AWS S3, you will be able to verify the correct integration from the plugin.
If an error occurs, you will receive a detailed message explaining its cause, such as a message that the bucket does not exist.