George Harker

Create a new group for backwp-users for acls

Create a new s3 bucket with no public access eg <BACKUPBUCKET>

Create an inline policy for the new iam group backwp-users

{
	"Version": "2012-10-17",
	"Statement": [
		{
			"Sid": "Stmt1457967512000",
			"Effect": "Allow",
			"Action": [
				"s3:ListAllMyBuckets"
			],
			"Resource": [
				"*"
			]
		},
		{
			"Effect": "Allow",
			"Action": [
				"s3:PutObject",
				"s3:GetObject",
				"s3:ListBucketMultipartUploads",
				"s3:AbortMultipartUpload",
				"s3:ListBucketVersions",
				"s3:ListBucket",
				"s3:DeleteObject",
				"s3:GetBucketLocation",
				"s3:ListMultipartUploadParts"
			],
			"Resource": [
				"arn:aws:s3:::<BACKUPBUCKET>",
				"arn:aws:s3:::<BACKUPBUCKET>/*"
			]
		}
	]
}

Create a new user in the group eg backwpup

Create an API key for the user and note it down (it is shown only once). Supply this to backwpup (both the secret and public key). Ensure you use the correct service region for the s3 bucket.

Leave a Reply

Your email address will not be published. Required fields are marked *