Amazon S3 Storage Permissions
Note |
Make sure the account you are using has access to Amazon S3 buckets and folders. |
Permissions for S3 Standard and S3 Standard-IA Storage Classes
The following are required permissions to use Amazon S3 object storage repository (S3 Standard and S3 Standard-IA storage classes):
- For Amazon S3 object storage
{ |
- For a bucket
{ |
- For an object
{ |
For examples, see this Veeam KB article. For more information on permissions, see this Amazon article.
Permissions for S3 Glacier and S3 Glacier Deep Archive Storage Classes
The following are required permissions to use Amazon S3 object storage repository (S3 Glacier and S3 Glacier Deep Archive storage classes):
- For EC2 instance
{ "ec2:StartInstances", "ec2:RunInstances", "ec2:StopInstances", "ec2:TerminateInstances", "ec2:CreateKeyPair", "ec2:DeleteKeyPair", "ec2:DescribeVpcs", "ec2:CreateVpc", "ec2:DeleteVpc", "ec2:DescribeSubnets", "ec2:CreateSubnet", "ec2:DeleteSubnet", "ec2:DescribeRouteTables", "ec2:CreateRouteTable", "ec2:DeleteRouteTable", "ec2:CreateRoute", "ec2:DeleteRoute", "ec2:DescribeInternetGateways", "ec2:CreateInternetGateway", "ec2:AttachInternetGateway", "ec2:DeleteInternetGateway", "ec2:DescribeSecurityGroups", "ec2:CreateSecurityGroup", "ec2:DeleteSecurityGroup", "ec2:DescribeConversionTasks", "ec2:DescribeInstanceTypes", "ec2:AuthorizeSecurityGroupIngress", "ssm:GetParameter" |
- For Amazon S3 object storage
{ } |
- For a bucket
{ "s3:ListBucketMultipartUploads", "s3:GetBucketObjectLockConfiguration" |
- For an object
{ "s3:ListMultipartUploadParts", "s3:RestoreObject", "s3:GetObjectVersion" |
Related Topics