Operational Defect Database
BugZero found this defect 1490 days ago.
Data sources
All data on this page is proprietary to BugZero® or gathered from public sources
Veeam | kb3151
How to Create Secure IAM Policy for Connection to S3 Object Storage
Last update date:
1/2/2024
Affected products:
Veeam Backup & Replication
Affected releases:
ALL
Fixed releases:
No fixed releases provided.
Description:
Challenge
How to create a secure IAM policy to connect to the S3 bucket where backup data is to be stored (Veeam Backup Object Repository).
Solution
There are two policies to choose from. The first policy is for use when immutability is not used for the cloud tier. The second policy is for use when immutability is used for the cloud tier. Non-Immutable Buckets Use the following JSON for non-immutable buckets to create an IAM Policy. These permissions will allow the Veeam Backup Service to access the S3 repository to save/load data to/from an object repository. Starting with Veeam Backup & Replication 11a, the ListAllMyBuckets permission is not required if you manually enter the bucket name on the Bucket step of the New Object Repository wizard. Note: Replace yourbucketname (lines 16 and 17) with the actual bucket name.
More Information
How to create an IAM policy in the AWS Management Console How can I restrict access to my Amazon S3 bucket using specific VPC endpoints or IP addresses?
