# Amazon S3 Bucket via Access Point ## About Amazon S3 Bucket Amazon Simple Storage Service (Amazon S3) is an object storage service that offers industry-leading scalability, data availability, security, and performance. This means customers of all sizes and industries can use it to store and protect any amount of data for a range of use cases, such as data lakes, websites, mobile applications, backup and restore, archive, enterprise applications, IoT devices, and big data analytics. ## Required permissions * **s3:PutObject** - required, for backup archive upload to Amazon S3 bucket * **s3:GetObject** - optional, for backup restore and instant download from Amazon S3 bucket * **s3:DeleteObject** - optional, for retention policy, automatic removal of outdated backups from Amazon S3 bucket * **s3:PutObjectRetention** - optional, required for the [S3 Object Lock](https://docs.cloudback.it/security-and-compliance/amazon-s3-object-lock) header `x-amz-object-lock-mode` * **s3:PutObjectLegalHold** - optional, required for the [S3 Object Lock](https://docs.cloudback.it/security-and-compliance/amazon-s3-object-lock) header `x-amz-object-lock-legal-hold` * **s3:PutObjectTagging** - optional, required for the [S3 Object Tagging](https://docs.cloudback.it/supported-storages/amazon-s3-object-tagging) header `x-amz-tagging` ## Set up Amazon S3 Bucket as a customer managed storage To set up Amazon S3 Bucket Access Point as a storage for your backups, follow the steps below. ### Create a new Amazon S3 Access Point storage * Open the [Cloudback Dashboard](https://app.cloudback.it/) * Navigate to the `Storages` page by clicking on the `Storages` link in the left-side navigation pane * Click on the `Add a new storage` button: ![Add new storage](https://2781059148-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FQEI7SjBF2CddqNXZpCoE%2Fuploads%2Fgit-blob-48c773c5876576956efc547df9c59cfec230772b%2Fcustomer-managed-storages.png?alt=media) * Type a storage name in the `Storage name` field. Use a name that will help you identify this storage in the future. * Select `Amazon S3 AccessPoint` from a Storage Provider dropdown: ![Amazon S3 AccessPoint storage settings](https://2781059148-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FQEI7SjBF2CddqNXZpCoE%2Fuploads%2Fgit-blob-04a91186053819974d695e0071ad6125ca11a130%2Fcreate-new-storage-aws-access-point.png?alt=media) ### Set up storage settings Choose the settings for the storage: * **Deduplication type** - enable or disable data deduplication. For more details, please refer to the [Deduplication](https://docs.cloudback.it/managing-backups/data-deduplication) documentation * **Archive type** - enable or disable archive password protection. For more details, please refer to the [Password-Protected Archives](https://docs.cloudback.it/security-and-compliance/password-protected-archives) documentation * **Archive name pattern** - configure the archive name pattern, which is used to generate the name of the backup archive. For more details, please refer to the [Archive Name Pattern](https://docs.cloudback.it/managing-backups/archive-name-pattern) documentation ### Create Amazon S3 Bucket To upload backups to Amazon S3 Bucket, you need to create a bucket. You can skip this step if you already have a bucket. You can find more information on how to create a bucket in the [Amazon S3 documentation](https://docs.aws.amazon.com/AmazonS3/latest/userguide/creating-bucket.html). Cloudback needs the ARN of the bucket to access it. To find the ARN, click on the name of your bucket in the S3 console and open the `Properties` tab. Copy the ARN and paste it in the `Step 1` field on the Cloudback site. ### Apply bucket policy After you type a bucket ARN in the `Step 1` field, Cloudback will generate a bucket policy for you. The generated policy document is available in the `Step 2` field. You need to apply this policy to the bucket to allow Cloudback to access it. For more information on how to apply the bucket policy, please refer to the corresponding [Amazon S3 documentation page](https://docs.aws.amazon.com/AmazonS3/latest/userguide/add-bucket-policy.html). ### Create Amazon S3 Access Point Cloudback accesses your Amazon S3 bucket using an Amazon S3 Access Point. You need to create a new Access Point in the AWS Management Console, and then paste the Access Point ARN in the `Step 3` field. You can find more information on how to create an Access Point in the [Amazon S3 documentation](https://docs.aws.amazon.com/AmazonS3/latest/userguide/creating-access-points.html). ### Apply access point policy After you type an Access Point ARN in the `Step 3` field, Cloudback will generate an access point policy for you. The generated policy document is available in the `Step 4` field. You need to apply this policy to the access point to allow Cloudback to access it. For more information on how to apply the access point policy, please refer to the corresponding [Amazon S3 documentation page](https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-points-manage.html#edit-access-point-policy). ![Setting up Amazon S3 AccessPoint storage](https://2781059148-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FQEI7SjBF2CddqNXZpCoE%2Fuploads%2Fgit-blob-04a91186053819974d695e0071ad6125ca11a130%2Fcreate-new-storage-aws-access-point.png?alt=media) ### Provide additional HTTP headers (Optional) In the `Step 5` field, you can provide additional HTTP headers to be used when uploading backups to the Amazon S3 bucket. The headers can be used to set the [S3 Object Lock](https://docs.cloudback.it/security-and-compliance/amazon-s3-object-lock) or [S3 Object Tagging](https://docs.cloudback.it/supported-storages/amazon-s3-object-tagging) headers. ### Save storage Click on `Save` button to save the new storage. You can also use a `Test` button to check if the storage is configured correctly. After saving the storage, you can use it for storing backups of your repositories. All storage settings can be changed later in the `Storages` page. To edit the storage settings, click on the `Edit` button next to the storage you want to edit. ## Change the storage for a repository You can change the storage for a particular repository in the [Repository Details](https://docs.cloudback.it/dashboard/repository-details) page. Also, you can assign it to multiple repositories through the [Bulk Operations](https://docs.cloudback.it/managing-backups/bulk-operations). ## Learn More * [Customer Managed Storages](https://docs.cloudback.it/storage-configuration/customer-managed-storages) * [Dashboard Overview](https://docs.cloudback.it/dashboard/dashboard-overview) * [Repository Details](https://docs.cloudback.it/dashboard/repository-details) * [Bulk Operations](https://docs.cloudback.it/managing-backups/bulk-operations) * [Replicating Backups](https://docs.cloudback.it/storage-configuration/replicating-backups)