To reduce throttling and API limits, you can now use extra accounts or credentials during GIT and ADO restores.
CHANGELOG
🏠︎ HOME@ WEBSITE↘ FREE TRIAL✉︎ CONTACT SUPPORT

Permissions

This article outlines the minimum permissions needed to use an AWS S3 bucket as backup storage for Xopero ONE. The policies below enable you to integrate your AWS S3 storage with Xopero ONE.

AWS bucket policy

The bucket that will be used to store the data must have the following policy (JSON) assigned:

{
     "Version": "2012-10-17",
     "Statement": [
          {
               "Effect": "Allow",
               "Principal": {
                    "AWS": "arn:aws:iam::{account}:user/backup-user"
          },
               "Action": [
                    "s3:ListBucket",
                    "s3:GetObject",
                    "s3:PutObject",
                    "s3:DeleteObject"
                
               ],
               "Resource": [
                    "arn:aws:s3:::bucket-name",
                    "arn:aws:s3:::bucket-name/*"
               ]
          }
     ]
}

Support for immutable storage

Remember that immutable storage configuration is available only when creating a new bucket— there is no option to enable it for an existing bucket.

Enabling retention and/or versioning for the bucket may result in additional data being stored— it is recommended that the retention period in Xopero ONE be longer than the one set for the storage. Otherwise, this may lead to storage overload.

If you want to use immutable storage, the following permissions are required:

It must be added to the Action section, and after the changes, the section should look as shown below:

Useful links and items

LogoAdding a bucket policy by using the Amazon S3 console - Amazon Simple Storage ServiceAmazon Simple Storage Service
LogoAWS Security Incident Response Technical Guide - AWS Security Incident Response User GuideAWS Security Incident Response User Guide

Last updated