Amazon S3 Bucket via Access Point

About Amazon S3 Bucket

Amazon Simple Storage Service (Amazon S3) is an object storage service that offers industry-leading scalability, data availability, security, and performance. This means customers of all sizes and industries can use it to store and protect any amount of data for a range of use cases, such as data lakes, websites, mobile applications, backup and restore, archive, enterprise applications, IoT devices, and big data analytics.

Required permissions

• s3:PutObject - required, for backup archive upload to Amazon S3 bucket

• s3:GetObject - optional, for backup restore and instant download from Amazon S3 bucket

• s3:DeleteObject - optional, for retention policy, automatic removal of outdated backups from Amazon S3 bucket

• s3:PutObjectRetention - optional, required for the S3 Object Lock header x-amz-object-lock-mode

• s3:PutObjectLegalHold - optional, required for the S3 Object Lock header x-amz-object-lock-legal-hold

• s3:PutObjectTagging - optional, required for the S3 Object Tagging header x-amz-tagging

Set up Amazon S3 Bucket as a customer managed storage

To set up Amazon S3 Bucket Access Point as a storage for your backups, follow the steps below.

Create a new Amazon S3 Access Point storage

• Type a storage name in the Storage name field. Use a name that will help you identify this storage in the future.

• Select Amazon S3 AccessPoint from a Storage Provider dropdown:

Set up storage settings

Choose the settings for the storage:

• Deduplication type - enable or disable data deduplication. For more details, please refer to the Deduplication documentation

• Archive type - enable or disable archive password protection. For more details, please refer to the Password-Protected Archives documentation

• Archive name pattern - configure the archive name pattern, which is used to generate the name of the backup archive. For more details, please refer to the Archive Name Pattern documentation

Create Amazon S3 Bucket

To upload backups to Amazon S3 Bucket, you need to create a bucket. You can skip this step if you already have a bucket. You can find more information on how to create a bucket in the Amazon S3 documentation.

Cloudback needs the ARN of the bucket to access it. To find the ARN, click on the name of your bucket in the S3 console and open the Properties tab. Copy the ARN and paste it in the Step 1 field on the Cloudback site.

Apply bucket policy

After you type a bucket ARN in the Step 1 field, Cloudback will generate a bucket policy for you. The generated policy document is available in the Step 2 field. You need to apply this policy to the bucket to allow Cloudback to access it. For more information on how to apply the bucket policy, please refer to the corresponding Amazon S3 documentation page.

Create Amazon S3 Access Point

Cloudback accesses your Amazon S3 bucket using an Amazon S3 Access Point. You need to create a new Access Point in the AWS Management Console, and then paste the Access Point ARN in the Step 3 field. You can find more information on how to create an Access Point in the Amazon S3 documentation.

Apply access point policy

After you type an Access Point ARN in the Step 3 field, Cloudback will generate an access point policy for you. The generated policy document is available in the Step 4 field. You need to apply this policy to the access point to allow Cloudback to access it. For more information on how to apply the access point policy, please refer to the corresponding Amazon S3 documentation page.

Provide additional HTTP headers (Optional)

In the Step 5 field, you can provide additional HTTP headers to be used when uploading backups to the Amazon S3 bucket. The headers can be used to set the S3 Object Lock or S3 Object Tagging headers.

Save storage

Change the storage for a repository

Learn more

• Customer Managed Storages

• Dashboard Overview

• Repository Details

• Bulk Operations

• Replicating Backups