Using Amazon IAM account with CloudBerry Managed Backup Service

How to create IAM user with limited permissions

CloudBerry Managed Backup service allows to create an account with limited permissions using Amazon Identity and Access Management service. Such IAM user account can be used when Amazon S3 account contains sensitive information that can be accessed only by the account’s owner.

With Amazon Identity and Access Management you can use all of the CloudBerry Managed Backup features without any risk of unauthorized access to your sensitive data. This manual will help you create and configure Amazon IAM account with limited permissions and also explain how to use it with CloudBerry Managed Backup.

Let’s make it as simple as possible.

How to set up an IAM user via AWS console:

1) Go to IAM dashboard and choose the appropriate user;

2) Go to “Permissions” and choose “Create User Policy”.

3) Choose Custom Policy, then hit “Select”.

4) Specify your policy name, in the policy document set your policy for IAM user, then validate the policy and apply it.

5) The Policy should be available for a particular user.

IAM policy:

{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"NotAction": "s3:DeleteBucket",
"Resource": "arn:aws:s3:::your_bucket_name_goes_here",
"Condition": {}
},
{
"Effect": "Allow",
"Action": "s3:*",
"Resource": "arn:aws:s3:::your_bucket_name_goes_here/*",
"Condition": {}
},
{
"Effect": "Allow",
"Action": "s3:ListAllMyBuckets",
"Resource": "*",
"Condition": {}
},
{
"Effect": "Allow",
"Action": "sts:GetFederationToken",
"Resource": "*",
"Condition": {}
},
{
"Effect": "Allow",
"Action": "ses:*",
"Resource": "*",
"Condition": {}
}
]
}

Don’t forget to specify your bucket name where needed.