
Credentials

Credentials are required to access the backup location and perform backup and restore operations. Follow the steps described below to create a cloud credential that will be used for this.

For AWS S3

Configure IAM Policy

This policy will be attached to the IAM user or role and will be used for cluster backup.

  • In your AWS console, create an IAM policy using the JSON provided below.
  • Ensure that you update the bucket name to your S3 bucket name.
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:GetObject",
                "s3:DeleteObject",
                "s3:PutObject",
                "s3:AbortMultipartUpload",
                "s3:ListMultipartUploadParts"
            ],
            "Resource": [
                "arn:aws:s3:::<bucket_name>/*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket"
            ],
            "Resource": [
                "arn:aws:s3:::<bucket_name>"
            ]
        }
    ]
}

Option 1: Access Key

  • In your AWS console, navigate to the IAM service and create an IAM user with only programmatic access
  • Attach the IAM policy above to the IAM user. This will grant the user permission to access the S3 bucket for cluster data backup
  • Download the "CSV" containing the "Access Key ID" and "Secret Access Key"

Important

For security reasons, this information is not accessible later in AWS. Ensure that you do not skip this step because we will require this information when we create a Cloud Credential in the Console.

  • On the controller, in the web console, navigate to Infrastructure -> Cloud Credentials
  • Create a New Credential, provide a name and select "Data Backup" for Type
  • Select Provider "AWS" and Credential Type "ACCESS_KEY"
  • Enter Access Key ID and Secret Key created in AWS above
  • Click "SAVE" to create the AWS Access Key credential to access your S3 bucket for cluster data backup



Option 2: IAM Role

  • On the controller, in the web console, navigate to Infrastructure -> Cloud Credentials
  • Create a New Credential, provide a name and select type "Data Backup"
  • Select Provider "AWS" and Credential Type "ROLE"
  • Copy the Account ID and External ID shown for the credential; you will need them when creating the IAM Role in your AWS console

  • In your AWS console, navigate to the IAM service

  • Create a new Role and select another AWS Account as the Type
  • Copy/Paste the Account ID from the Cloud Credential
  • Enable "Require External ID" and copy/paste the External ID from the Cloud Credential
  • Attach the S3 IAM policy above to the IAM role to grant the permission to access the S3 bucket
  • Click on the newly created role to view it
  • Copy the Role ARN

  • Go back to the controller's web console and enter the Role ARN in the Cloud Credential

  • Click "SAVE" to create the AWS Role credential to access your S3 bucket for cluster data backup
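Before saving the credential, it is worth checking both policy documents. The following is an added example, not part of the original documentation or the product: it lints the S3 permission policy against the action set and bucket scoping shown above, and checks that the role's trust policy names only the expected account and requires the External ID. The trust policy shape assumed here is what the AWS console generates for "Another AWS account" with "Require External ID"; the account ID, External ID and bucket name are constructed placeholders.

```python
OBJECT_ACTIONS = {"s3:GetObject", "s3:DeleteObject", "s3:PutObject",
                  "s3:AbortMultipartUpload", "s3:ListMultipartUploadParts"}
BUCKET_ACTIONS = {"s3:ListBucket"}

def as_list(value):
    """IAM JSON accepts a single string where a list is expected."""
    return value if isinstance(value, list) else [value]

def check_backup_policy(policy, bucket):
    """Findings for the S3 permission policy; an empty list means it matches the page."""
    findings, arn = [], f"arn:aws:s3:::{bucket}"
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        actions = set(as_list(stmt.get("Action", [])))
        resources = as_list(stmt.get("Resource", []))
        for res in resources:
            if "<bucket_name>" in res:
                findings.append(f"placeholder not replaced: {res}")
            elif res not in (arn, arn + "/*"):
                findings.append(f"resource outside backup bucket: {res}")
        if actions & OBJECT_ACTIONS and arn + "/*" not in resources:
            findings.append("object actions lack the bucket/* object ARN")
        if actions & BUCKET_ACTIONS and arn not in resources:
            findings.append("s3:ListBucket lacks the bucket ARN")
        extra = sorted(actions - OBJECT_ACTIONS - BUCKET_ACTIONS)
        findings += [f"action beyond the documented set: {a}" for a in extra]
    return findings

def check_trust_policy(trust, account_id, external_id):
    """Findings for the Option 2 role trust policy (cross-account with External ID)."""
    findings = []
    allowed = {account_id, f"arn:aws:iam::{account_id}:root"}
    for stmt in as_list(trust["Statement"]):
        principal = stmt.get("Principal")
        aws = principal.get("AWS", []) if isinstance(principal, dict) else principal
        findings += [f"unexpected principal: {p}" for p in as_list(aws) if p not in allowed]
        cond = stmt.get("Condition", {}).get("StringEquals", {})
        if cond.get("sts:ExternalId") != external_id:
            findings.append("sts:ExternalId condition missing or different")
    return findings

# Constructed samples: account ID and External ID are made-up placeholder values.
GOOD_TRUST = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "sts:AssumeRole",
    "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
    "Condition": {"StringEquals": {"sts:ExternalId": "example-external-id"}}}]}
BAD_POLICY = {"Statement": [{"Effect": "Allow", "Resource": "arn:aws:s3:::<bucket_name>/*",
                             "Action": ["s3:GetObject", "s3:DeleteBucket"]}]}
```

To check a live role, load the JSON exported from the IAM console into these functions in place of the constructed samples.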



S3 Compatible Storage

  • Retrieve the Access Key ID and Secret Access Key to access your MINIO S3 compatible storage (Ensure this has both read and write permission to the bucket)
  • Go to the controller's web console and navigate to Infrastructure -> Cloud Credentials
  • Create a New Credential, provide a name and select Type "Data Backup"
  • Select Provider "MINIO" and Credential Type "ACCESS_KEY"
  • Enter Access Key ID and Secret Key above
  • Click "SAVE" to create the cloud credential to access the bucket for your cluster data backup
