External Storage Permissions

If you want to create backup copy jobs and store backups in the following object storage types, make sure that your accounts have the required permissions:

Amazon S3 and S3 Compatible
Amazon S3 Glacier

Amazon S3 and S3 Compatible Permissions

Make sure the Amazon account you are using has access to Amazon buckets and folders.

Permissions for Amazon S3 or S3 compatible object storage depend on whether you use immutability:

The following permissions are required to use Amazon S3 or S3 compatible object storage with immutability disabled:

{

"Version": "2012-10-17",

"Statement": [

{

"Effect": "Allow",

"Action": [

"s3:DeleteObject",

"s3:GetBucketLocation",

"s3:GetBucketObjectLockConfiguration",

"s3:GetBucketVersioning",

"s3:GetObject",

"s3:ListAllMyBuckets",

"s3:ListBucket",

"s3:PutObject"

"Resource": "*"

}

]

}

The following permissions are required to use Amazon S3 or S3 compatible object storage with immutability enabled:

{

"Version": "2012-10-17",

"Statement": [

{

"Effect": "Allow",

"Action": [

"s3:DeleteObject",

"s3:DeleteObjectVersion"

"s3:GetBucketLocation",

"s3:GetBucketObjectLockConfiguration",

"s3:GetBucketVersioning",

"s3:GetObject",

"s3:GetObjectLegalHold",

"s3:GetObjectRetention",

"s3:GetObjectVersion",

"s3:ListAllMyBuckets",

"s3:ListBucket",

"s3:ListBucketVersions",

"s3:PutObject",

"s3:PutObjectLegalHold",

"s3:PutObjectRetention",

"Resource": "*"

}

]

}

Note

To deploy S3 compatible object storage in multiple bucket mode, you must add the s3:CreateBucket and s3:DeleteBucket permissions to the list of permissions.

Amazon S3 Glacier Permissions

Permissions for Amazon S3 Glacier object storage depend on whether you use immutability:

The following permissions are required for Amazon S3 Glacier with immutability disabled:

{

"Version": "2012-10-17",

"Statement": [

{

"Sid": "VisualEditor0",

"Effect": "Allow",

"Action": [

"s3:AbortMultipartUpload",

"s3:DeleteObject",

"s3:GetBucketLocation",

"s3:GetBucketObjectLockConfiguration",

"s3:GetBucketVersioning",

"s3:GetObject",

"s3:ListAllMyBuckets",

"s3:ListBucket",

"s3:PutObject",

"s3:RestoreObject"

"Resource": "*"

}

]

}

The following permissions are required for Amazon S3 Glacier with immutability enabled:

{

"Version": "2012-10-17",

"Statement": [

{

"Sid": "VisualEditor0",

"Effect": "Allow",

"Action": [

"s3:AbortMultipartUpload",

"s3:DeleteObject",

"s3:DeleteObjectVersion",

"s3:GetBucketLocation",

"s3:GetBucketObjectLockConfiguration",

"s3:GetBucketVersioning",

"s3:GetObject",

"s3:GetObjectRetention",

"s3:GetObjectVersion",

"s3:ListAllMyBuckets",

"s3:ListBucket",

"s3:ListBucketVersions",

"s3:PutObject",

"s3:PutObjectLegalHold",

"s3:PutObjectRetention",

"s3:RestoreObject",

"Resource": "*"

}

]

}