AWS S3 IAM roles

This article explains how to integrate a bucket using an IAM role instead of an access/secret key pair.

IAM policy configuration

To increase security and avoid storing long-lived credentials, you can leave access/secret keys unused for your AWS buckets and integrate through an IAM role instead. This approach has specific requirements: the backup worker must run on an EC2 instance, that instance must have an IAM role attached (a role whose trust policy allows the EC2 service to assume it, attached to the instance through an instance profile), and the role must carry a policy granting access to the bucket. The worker on the instance then obtains temporary credentials from the instance metadata service, so no access key has to be entered in Xopero.

Since the Xopero machine template is not available as an EC2 image, you must launch an instance from a supported operating system image and install the Xopero worker on it.

Steps for an AWS administrator:

  1. Create an IAM role that EC2 instances are allowed to assume.

  2. Add the bucket policy below to the created role.

  3. Assign the role (through its instance profile) to the selected EC2 instance.

  4. Install the backup worker on the EC2 instance.

Policy (replace [bucket_name] with the name of your bucket)
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor1",
      "Effect": "Allow",
      "Action": [
        "s3:*"
      ],
      "Resource": [
        "arn:aws:s3:::[bucket_name]",
        "arn:aws:s3:::[bucket_name]/*"
      ]
    }
  ]
}

The first resource entry covers bucket-level actions (for example listing the bucket), the second covers the objects inside it. "s3:*" grants every S3 action on this bucket, including deleting objects and changing the bucket configuration, but nothing on any other bucket; if your security policy requires it, narrow the action list to what the worker actually uses.
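The four administrator steps as AWS CLI calls, as an added example that is not part of the original page and not Xopero's or AWS's own tooling. The role and policy names (xopero-worker-s3), the bucket name and the instance ID used in the usage line are placeholders; the commands assume a configured AWS CLI with IAM and EC2 permissions.

```shell
#!/bin/sh
# Added example: IAM role for the Xopero worker on EC2, built with the AWS CLI.
# Names and IDs here are placeholders, not values from the original page.

# Step 1 input: trust policy that lets the EC2 service assume the role on
# behalf of the instance the role is attached to.
render_trust_policy() {
  cat <<'EOF'
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": { "Service": "ec2.amazonaws.com" },
      "Action": "sts:AssumeRole"
    }
  ]
}
EOF
}

# Step 2 input: the permissions policy from the page, scoped to one bucket
# and the objects in it.
render_bucket_policy() {
  bucket="$1"
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor1",
      "Effect": "Allow",
      "Action": ["s3:*"],
      "Resource": [
        "arn:aws:s3:::${bucket}",
        "arn:aws:s3:::${bucket}/*"
      ]
    }
  ]
}
EOF
}

# Steps 1-3: create the role, attach the inline policy, wrap the role in an
# instance profile and associate that profile with the worker instance.
setup_worker_role() {
  role="$1"; bucket="$2"; instance_id="$3"
  aws iam create-role --role-name "$role" \
    --assume-role-policy-document "$(render_trust_policy)"
  aws iam put-role-policy --role-name "$role" --policy-name "${role}-bucket" \
    --policy-document "$(render_bucket_policy "$bucket")"
  aws iam create-instance-profile --instance-profile-name "$role"
  aws iam add-role-to-instance-profile \
    --instance-profile-name "$role" --role-name "$role"
  aws ec2 associate-iam-instance-profile --instance-id "$instance_id" \
    --iam-instance-profile Name="$role"
}

# Check after step 4, run on the instance itself: the CLI picks up the
# role's temporary credentials from the instance metadata service, so this
# proves the worker will reach the bucket without any stored key.
verify_from_instance() {
  bucket="$1"
  # Prints arn:aws:sts::<account>:assumed-role/<role>/<instance-id>
  aws sts get-caller-identity --query Arn --output text
  aws s3 ls "s3://${bucket}" >/dev/null && echo "bucket ${bucket} reachable"
}

# Usage, as an AWS administrator (placeholder values):
#   setup_worker_role xopero-worker-s3 my-backup-bucket i-0123456789abcdef0
# Then, on the instance after installing the worker:
#   verify_from_instance my-backup-bucket
```

The policy is attached inline with put-role-policy so it lives and dies with the role; a managed policy works equally well. A newly associated instance profile can take a short while to become visible from the instance, so rerun verify_from_instance if the first call reports no credentials.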

Enabling IAM authentication

In the Xopero ONE Management Service (XMS) admin panel, enable the Use Amazon IAM toggle and, in the Default worker section at the bottom, select the worker installed on the EC2 instance that carries the role.
