Granular permissions for IAM user for CloudBerry Backup
Product: CloudBerry Backup
Versions: Any
Product type: Standalone
Platform: Windows, Linux, Mac OS X
Created at: Jul 26, 2016
Updated at: Oct 21, 2016
Author:
Problem
Configuring your CloudBerry Backup product for the backup and restore operations you may face with insufficient permissions for IAM user case what cause “You are not authorize to perform this operation” issue, no data / files shown in “Backup storage” tab of your product.
Resolution
The easiest (and this is probably over 50% our customers doing) is to enable “AdministratorAccess” or “AmazonS3FullAccess”, but it is better to have granular permissions with only selected policies required for Cloudberry Backup software. Follow the below guide to have your user setup accordingly.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetBucketAcl",
"s3:GetBucketVersioning",
"s3:GetBucketRequestPayment",
"s3:GetBucketLocation",
"s3:GetBucketPolicy"
],
"Resource": "arn:aws:s3:::your_bucket_name_goes_here",
"Condition": {}
},
{
"Effect": "Allow",
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:GetObjectAcl",
"s3:GetObjectVersion",
"s3:GetObjectVersionAcl",
"s3:PutObject",
"s3:PutObjectAcl",
"s3:PutObjectVersionAcl"
],
"Resource": "arn:aws:s3:::your_bucket_name_goes_here/*",
"Condition": {}
},
{
"Effect": "Allow",
"Action": "s3:ListAllMyBuckets",
"Resource": "*",
"Condition": {}
}
]
}Nota bene!
Please change the “your_bucket_name_goes_here” to your bucket name.
