IAM rules
In this article you will learn how to integrate a bucket using IAM rules (instead of Access / Secret Key).
To increase security and eliminate the use of tokens, you can disable the use of Access/Secret Keys for your buckets in AWS and use integration via IAM rules. However, this has some requirements. Integrating a bucket using IAM rules involves creating an IAM policy visible to EC2, and then designating a machine in the EC2 environment that can communicate directly with that bucket.
Unfortunately, the Xopero machine template is not available in EC2, so you have to create a machine based on a supported operating system and then install the GitProtect worker on the created machine.
Steps to follow as an AWS administrator:
1. Create a role in IAM visible to EC2.
2. Add a policy to the role.
3. Add the role to the selected EC2 instance.
4. Install the backup worker on this EC2 machine.
Policy:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor1",
            "Effect": "Allow",
            "Action": [
                "s3:*"
            ],
            "Resource": [
                "arn:aws:s3:::[bucket_name]",
                "arn:aws:s3:::[bucket_name]/*"
            ]
        }
    ]
}
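Steps 1 to 3 above written as AWS CLI calls. This is an added example, not taken from the GitProtect documentation. The role, instance profile and policy names are placeholders, and the permissions policy is this page's statement with the `s3:*` action and the `/*` object wildcard.

```shell
#!/bin/sh
# Added example. All three names are placeholders, not GitProtect values.
ROLE_NAME="gitprotect-worker-role"
PROFILE_NAME="gitprotect-worker-profile"
POLICY_NAME="gitprotect-bucket-access"

# Trust policy: lets the EC2 service assume the role ("visible to EC2").
trust_policy() {
  cat <<'EOF'
{"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
 "Principal": {"Service": "ec2.amazonaws.com"}, "Action": "sts:AssumeRole"}]}
EOF
}

# Permissions policy scoped to one bucket. Names with characters outside
# the S3 bucket-name set are rejected so they cannot alter the JSON.
bucket_policy() {
  case "$1" in ''|*[!a-z0-9.-]*) echo "invalid bucket name" >&2; return 1 ;; esac
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor1",
      "Effect": "Allow",
      "Action": ["s3:*"],
      "Resource": [
        "arn:aws:s3:::$1",
        "arn:aws:s3:::$1/*"
      ]
    }
  ]
}
EOF
}

# Steps 1-3: create the role, add the policy, attach the role to the instance.
attach_role() {
  bucket="$1"; instance_id="$2"
  policy="$(bucket_policy "$bucket")" || return 1
  aws iam create-role --role-name "$ROLE_NAME" \
    --assume-role-policy-document "$(trust_policy)" &&
  aws iam put-role-policy --role-name "$ROLE_NAME" \
    --policy-name "$POLICY_NAME" --policy-document "$policy" &&
  aws iam create-instance-profile --instance-profile-name "$PROFILE_NAME" &&
  aws iam add-role-to-instance-profile \
    --instance-profile-name "$PROFILE_NAME" --role-name "$ROLE_NAME" &&
  aws ec2 associate-iam-instance-profile --instance-id "$instance_id" \
    --iam-instance-profile "Name=$PROFILE_NAME"
}
```

Call `attach_role <bucket> <instance-id>` with administrator credentials. IAM changes propagate with a short delay, so the final association may need a retry.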
Enabling IAM authentication
In the GitProtect panel, enable the "Use Amazon IAM" rules toggle and specify your EC2 worker in the "Default worker" section at the bottom.
