External Storage Permissions
If you want to create backup copy jobs and store backups in the following object storage types, make sure that your accounts have the required permissions:
Amazon S3 and S3 Compatible Permissions
Make sure the Amazon account you are using has access to Amazon buckets and folders.
Permissions for Amazon S3 or S3 compatible object storage depend on whether you use immutability:
- The following permissions are required to use Amazon S3 or S3 compatible object storage with immutability disabled:
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "s3:DeleteObject", "s3:GetBucketLocation", "s3:GetBucketObjectLockConfiguration", "s3:GetBucketVersioning", "s3:GetObject", "s3:ListAllMyBuckets", "s3:ListBucket", "s3:PutObject" ], "Resource": "*" } ] } |
- The following permissions are required to use Amazon S3 or S3 compatible object storage with immutability enabled:
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "s3:DeleteObject", "s3:DeleteObjectVersion" "s3:GetBucketLocation", "s3:GetBucketObjectLockConfiguration", "s3:GetBucketVersioning", "s3:GetObject", "s3:GetObjectLegalHold", "s3:GetObjectRetention", "s3:GetObjectVersion", "s3:ListAllMyBuckets", "s3:ListBucket", "s3:ListBucketVersions", "s3:PutObject", "s3:PutObjectLegalHold", "s3:PutObjectRetention", ], "Resource": "*" } ] } |
Note |
To deploy S3 compatible object storage in multiple bucket mode, you must add the s3:CreateBucket and s3:DeleteBucket permissions to the list of permissions. |
Permissions for Amazon S3 Glacier object storage depend on whether you use immutability:
- The following permissions are required for Amazon S3 Glacier with immutability disabled:
{ "Version": "2012-10-17", "Statement": [ { "Sid": "VisualEditor0", "Effect": "Allow", "Action": [ "s3:AbortMultipartUpload", "s3:DeleteObject", "s3:GetBucketLocation", "s3:GetBucketObjectLockConfiguration", "s3:GetBucketVersioning", "s3:GetObject", "s3:ListAllMyBuckets", "s3:ListBucket", "s3:PutObject", "s3:RestoreObject" ], "Resource": "*" } ] } |
- The following permissions are required for Amazon S3 Glacier with immutability enabled:
{ "Version": "2012-10-17", "Statement": [ { "Sid": "VisualEditor0", "Effect": "Allow", "Action": [ "s3:AbortMultipartUpload", "s3:DeleteObject", "s3:DeleteObjectVersion", "s3:GetBucketLocation", "s3:GetBucketObjectLockConfiguration", "s3:GetBucketVersioning", "s3:GetObject", "s3:GetObjectRetention", "s3:GetObjectVersion", "s3:ListAllMyBuckets", "s3:ListBucket", "s3:ListBucketVersions", "s3:PutObject", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:RestoreObject", ], "Resource": "*" } ] } |