NetApp AltaVault Cloud Integrated Storage Administration Guide 249
Beta Draft
Bucket policies for AltaVault Amazon AWS IAM and S3 bucket policies
    {
      "Sid": "Stmt1394143790000",
      "Effect": "Allow",
      "Action": [
        "s3:AbortMultipartUpload",
        "s3:DeleteObject",
        "s3:ListMultipartUploadParts",
        "s3:GetObject",
        "s3:PutObject",
        "s3:RestoreObject"
      ],
      "Resource": [
        "arn:aws:s3:::bucket_name/*"
      ]
    }
  ]
}
Bucket policies for AltaVault
Amazon S3 bucket policies can be configured to allow only specific users (including users outside the AWS account)
to access an S3 cloud bucket, and can be used in conjunction with IAM user policies. AltaVault requires that the cloud
bucket (configured in the AltaVault management console under Configure > Cloud Settings) allows access by the IAM
user configured for AltaVault. No access by any other user is required.
AltaVault requires a set of permissions in the bucket policy similar to the set of permissions for an IAM policy, with
the exception of s3:ListAllMyBuckets and s3:CreateBucket, which are not relevant at the bucket level.
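The following check is an added example, not part of the NetApp guide or of AltaVault: it audits a bucket policy document against the requirements above (access only for the AltaVault IAM user, no account-level actions). The function names are hypothetical, and the object-level action set is assumed to match the IAM policy statement shown on this page.

```python
BUCKET_ACTIONS = {"s3:GetBucketLocation", "s3:GetLifecycleConfiguration", "s3:ListBucket",
                  "s3:ListBucketMultipartUploads", "s3:PutLifecycleConfiguration"}
OBJECT_ACTIONS = {"s3:AbortMultipartUpload", "s3:DeleteObject", "s3:ListMultipartUploadParts",
                  "s3:GetObject", "s3:PutObject", "s3:RestoreObject"}
ACCOUNT_ONLY = {"s3:ListAllMyBuckets", "s3:CreateBucket"}  # not relevant at the bucket level

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit_bucket_policy(policy, bucket, principal_arn):
    """Return findings; an empty list means the policy grants exactly the listed access."""
    bucket_arn = f"arn:aws:s3:::{bucket}"
    expected = {bucket_arn: BUCKET_ACTIONS, bucket_arn + "/*": OBJECT_ACTIONS}
    granted = {res: set() for res in expected}
    findings = []
    for st in _as_list(policy.get("Statement", [])):
        if st.get("Effect") != "Allow":
            continue
        sid = st.get("Sid", "<no Sid>")
        princ = st.get("Principal")
        # Principal is either "*" or a mapping such as {"AWS": [arn, ...]}
        arns = ([a for v in princ.values() for a in _as_list(v)]
                if isinstance(princ, dict) else [princ])
        findings += [f"{sid}: unexpected principal {a}" for a in arns if a != principal_arn]
        for res in _as_list(st.get("Resource", [])):
            for act in _as_list(st.get("Action", [])):
                if act in ACCOUNT_ONLY:
                    findings.append(f"{sid}: {act} is not relevant at the bucket level")
                elif act in expected.get(res, ()):
                    granted[res].add(act)
                else:
                    findings.append(f"{sid}: {act} not expected on {res}")
    for res, need in expected.items():
        if need - granted[res]:
            findings.append(f"missing on {res}: {sorted(need - granted[res])}")
    return findings

def _stmt(sid, actions, resource, principal):  # builds the constructed samples below
    return {"Sid": sid, "Effect": "Allow", "Action": sorted(actions),
            "Resource": resource, "Principal": principal}

USER = "arn:aws:iam::123456789012:user/user_name"  # placeholder ARN from the page's sample
BKT = "arn:aws:s3:::bucket_name"
GOOD = {"Statement": [_stmt("BucketLevel", BUCKET_ACTIONS, BKT, {"AWS": [USER]}),
                      _stmt("ObjectLevel", OBJECT_ACTIONS, BKT + "/*", {"AWS": [USER]})]}
# Constructed bad sample: public principal, account-level action, missing object action.
BAD = {"Statement": [
    _stmt("BucketLevel", BUCKET_ACTIONS | {"s3:CreateBucket"}, BKT, "*"),
    _stmt("ObjectLevel", OBJECT_ACTIONS - {"s3:RestoreObject"}, BKT + "/*", {"AWS": [USER]})]}

if __name__ == "__main__":
    print("\n".join(audit_bucket_policy(BAD, "bucket_name", USER)))
```

To audit a real policy, load the JSON exported from the bucket and pass it with the bucket name and the ARN of the IAM user configured for AltaVault.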
Sample of bucket policy
Below is a sample of the bucket policy:
{
  "Id": "Policy1394662102999",
  "Statement": [
    {
      "Sid": "Stmt1394661890920",
      "Action": [
        "s3:GetBucketLocation",
        "s3:GetLifecycleConfiguration",
        "s3:ListBucket",
        "s3:ListBucketMultipartUploads",
        "s3:PutLifecycleConfiguration"
      ],
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::bucket_name",
      "Principal": {
        "AWS": [
          "arn:aws:iam::123456789012:user/user_name"
        ]
      }
    },
    {
      "Sid": "Stmt1394661925663",
      "Action": [
        "s3:AbortMultipartUpload",
        "s3:DeleteObject",
        "s3:ListMultipartUploadParts",
        "s3:GetObject",