• Private
    0
    Hello,
    I have an AWS account with multiple buckets. One computer should not be allowed to access or ideally even see any other buckets.

    Can I set up CloudBerry Backup access to a single S3 bucket and provide keys only to that bucket but not to the entire AWS account?

    Can I set it up so that only one bucket is visible and no other buckets are visible, even their names?

    If not possible, even if names of other buckets are visible, can I restrict access to only one bucket so that no contents of other buckets would be accessible (not even see the file names)?

    Thank you
  • gxvigo
    0
    Hi,
    This IAM policy will allow CloudBerry to list all buckets and only access the <my-bucket>:

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": [
                    "s3:GetObject",
                    "s3:ListBucket",
                    "s3:PutObject",
                    "s3:Describe*",
                    "s3:PutObjectAcl",
                    "s3:AbortMultipartUpload",
                    "s3:ListBucketMultipartUploads",
                    "s3:ListMultipartUploadParts",
                    "s3:RestoreObject"
                ],
                "Resource": [
                    "arn:aws:s3:::<my-bucket>",
                    "arn:aws:s3:::<my-bucket>/*"
                ]
            },
            {
                "Effect": "Allow",
                "Action": [
                    "s3:ListAllMyBuckets"
                ],
                "Resource": [
                    "*"
                ]
            }
        ]
    }

    If you don't want to list all buckets, remove the second JSON statement (ListAllMyBuckets).
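
Added example, not part of the original posts: a small Python lint that checks a policy like the one above before its keys are handed to the backup machine, reporting any Allow statement that exposes bucket names or reaches outside the one intended bucket. The bucket name `my-bucket`, the shortened sample policy and the `audit` function are assumptions made for this illustration.

```python
import fnmatch
import json
import re

# Constructed sample: a shortened form of the policy above, with the
# placeholder bucket name "my-bucket" (an assumption for this example).
POLICY = json.loads("""
{"Version": "2012-10-17",
 "Statement": [
  {"Effect": "Allow",
   "Action": ["s3:GetObject", "s3:ListBucket", "s3:PutObject"],
   "Resource": ["arn:aws:s3:::my-bucket", "arn:aws:s3:::my-bucket/*"]},
  {"Effect": "Allow",
   "Action": ["s3:ListAllMyBuckets"],
   "Resource": ["*"]}
 ]}
""")

LIST_ALL = "s3:listallmybuckets"

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit(policy, allowed_bucket):
    """Return (statement index, finding) pairs for Allow statements that
    expose more than allowed_bucket. NotAction/NotResource and Condition
    are not evaluated; this is a lint, not a full IAM evaluator."""
    own = re.compile(r"arn:aws:s3:::" + re.escape(allowed_bucket) + r"(/.*)?")
    findings = []
    for i, stmt in enumerate(_as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        resources = _as_list(stmt.get("Resource", []))
        # IAM action patterns may use * and ?, so "s3:*" also grants listing.
        if any(fnmatch.fnmatchcase(LIST_ALL, a) for a in actions):
            findings.append((i, "bucket names visible"))
        # Every action other than the account-wide listing must be
        # confined to the allowed bucket or keys under it.
        other = [a for a in actions if a != LIST_ALL]
        outside = [r for r in resources if not own.fullmatch(r)]
        if other and outside:
            findings.append((i, "reaches: " + ", ".join(outside)))
    return findings

if __name__ == "__main__":
    for index, finding in audit(POLICY, "my-bucket"):
        print(f"statement {index}: {finding}")
```

A resource such as `arn:aws:s3:::my-bucket*` is reported as well, because the trailing wildcard would also match other buckets whose names begin with the same prefix.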