How to Create a Secure IAM Policy for Connection to S3 Object Storage
Purpose
This article documents how to create a secure IAM policy to connect to the S3 bucket used as an object storage repository in Veeam Backup for Microsoft 365 for storing backup data.
Solution
The following permissions will allow Veeam Backup for Microsoft 365 to access the S3 bucket to save and load data to and from an object storage repository.
Note: Replace yourbucketname (lines 21 and 37) with the actual bucket name.
Note: Replace yourbucketname (lines 21 and 37) with the actual bucket name.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListAllMyBuckets",
"s3:GetBucketLocation"
],
"Resource": "arn:aws:s3:::*"
},
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:ListBucketMultipartUploads",
"s3:GetBucketObjectLockConfiguration",
"s3:GetBucketVersioning",
"s3:ListBucketVersions"
],
"Resource": "arn:aws:s3:::yourbucketname"
},
{
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:DeleteObject",
"s3:AbortMultipartUpload",
"s3:ListMultipartUploadParts",
"s3:RestoreObject",
"s3:GetObjectVersion",
"s3:GetObjectRetention",
"s3:PutObjectRetention",
"s3:DeleteObjectVersion"
],
"Resource": "arn:aws:s3:::yourbucketname/*"
}
]
}
To submit feedback regarding this article, please click this link: Send Article Feedback
To report a typo on this page, highlight the typo with your mouse and press CTRL + Enter.
To report a typo on this page, highlight the typo with your mouse and press CTRL + Enter.