Skip to main content

Limit S3 Access / Scope via IAM policy

S3 IAM Policy, S3 Permissions, Limit S3 Scope, Only grant limited access.

Islam Essam avatar
Written by Islam Essam
Updated over 2 years ago

To create an S3 storage user for SimpleBackups, the following minimum permissions are required to be available on the backup bucket of your choice:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket",
                "s3:DeleteObject",
                "s3:GetObject",
                "s3:PutObject",
                "s3:PutObjectAcl",
                "s3:AbortMultipartUpload",
                "s3:CompleteMultipartUpload",
                "s3:CreateMultipartUpload",
                "s3:ListMultipartUploadParts",
                "s3:ListBucketMultipartUploads"
            ],
            "Resource": [
                "arn:aws:s3:::MY_BACKUPS_BUCKET/*",
                "arn:aws:s3:::MY_BACKUPS_BUCKET"
            ]
        }
    ]
}

The policy above can be used to only allow SimpleBackups to work on the backups bucket of your choice.

Don't forget to change MY_BACKUPS_BUCKET to the actual buckets you create for backups.

Note:

The following permissions are needed for cleaning up uncompleted uploads and save storage space.

  • s3:AbortMultipartUpload

  • s3:CompleteMultipartUpload

  • s3:CreateMultipartUpload

  • s3:ListMultipartUploadParts

  • s3:ListBucketMultipartUploads

Did this answer your question?