Permissions
This article contains minimal permissions for the Wasabi bucket required to use the bucket as backup storage in the GitProtect service. The policies provided below allow you to add your own Wasabi storage to the GitProtect platform, store the backup data there and restore it if needed.
Wasabi bucket policy
Access keys are generated per Wasabi account user. You can check the list of access keys after logging in to your account in the Access Keys tab.
In order to create a new user account or edit the rights of an existing one, go to the Users tab. Select WasabiReadOnlyAccess and WasabiWriteOnlyAccess on the form for adding a new account or editing, in the Policies section.
Support for Immutable Storage
If you want to use the Immutable storage, the following permissions are required:
s3:GetBucketObjectLockConfiguration - required to read Object Lock
configuration.s3:GetBucketVersioning - required to read the versioning configuration.
Remember, that the Immutable Storage configuration is available only when creating the new bucket - there is no option to enable Immutable Storage in an already existing bucket!
Retention and/or versioning enabled for the bucket may result in the storage of additional data. It is recommended that the retention in GitProtect be longer than the one set for storage. Otherwise, it may lead to storage being overloaded!
It must be added to the Action section, and after the changes, the section must look like the below:
More details about how to create or edit a bucket policy available on Wasabi documentation:
To see more about S3 Immutable storage, visit: https://wasabi.com/objectlock/
The example policy configuration
where:
arn:aws:iam::100000176259:user/xone-storage - the Wasabi user
arn:aws:s3:::xopero-test - Wasabi bucket
Last updated
