circle-check
Xopero ONE version 2.1.0 is now available. This release introduces Jira granular backup and additional improvements.
CHANGELOGchevron-right
search
🏠︎ HOME@ WEBSITE↘ FREE TRIAL✉︎ CONTACT SUPPORT

IAM rules

This article explains how to integrate a bucket using IAM rules instead of an access/secret key.

hashtag
IAM policy configuration

To increase security and eliminate the use of tokens, you can disable access/secret keys for your AWS buckets and use integration via IAM rules. This approach, however, has specific requirements—integrating a bucket using IAM rules involves creating an IAM policy accessible to Amazon EC2 and designating an EC2 instance that can communicate directly with the bucket.

Since the Xopero machine template is not available in EC2, you must create an instance using a supported operating system and install the Xopero worker on it.

circle-exclamation

The cloud worker cannot communicate with the bucket via IAM rules by default.

Steps for an AWS administrator:

  1. Create an IAM role accessible to EC2.

  2. Add a policy to the created role.

  3. Assign the role to the selected EC2 instance.

  4. Install the backup worker on the EC2 instance.

Policy
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor1",
"Effect": "Allow",
"Action": [
"s3:"
],
"Resource": [
"arn:aws:s3:::[bucket_name]",
"arn:aws:s3:::[bucket_name]/",
"arn:aws:s3:::[bucket_name]/"
]
}
]
}

hashtag
Enabling IAM authentication

In the Xopero ONE Management Service (XMS) admin panel, enable the Use Amazon IAM toggle and specify your EC2 worker in the Default worker section at the bottom.

hashtag
Useful links and items

LogoPolicies and permissions in AWS Identity and Access Management - AWS Identity and Access ManagementAWS Identity and Access Managementchevron-right

Last updated