AWS S3 Storage
This page describes the configuration options for the S3 Storage resource. The S3 Storage resource is used to configure an AWS S3 bucket as a storage backend.
Configuring the bucket
To configure the bucket, you need to specify the bucket name and the region.
apiVersion: kannika.io/v1alpha
kind: Storage
metadata:
  name: s3-storage
spec:
  s3:
    bucket: my-bucket
    region: us-east-1
    prefix: /path/to/directory # Optional
    description: "This is an S3 bucket" # Optional
Configuring authentication to the S3 bucket
Please see the section on AWS Authentication for information on how to configure access to the S3 Storage.
The following permissions are required for backup processes:
s3:Put*: required to write backup data and leases.
s3:Get*: required to read backup data and leases.
s3:List*: required to list contents of the bucket.
s3:Delete*: required to remove any leases that are created by the backup process.
The following permissions are required for restore processes:
s3:Get*: required to read backup data and leases.
s3:List*: required to list the contents of the bucket.
Depending on your setup, you may need to configure the following IAM policy for the S3 bucket:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Principal": {
        "AWS": "arn:aws:iam::<uid>:user/<username>"
      },
      "Effect": "Allow",
      "Action": [
        "s3:Get*",
        "s3:List*",
        "s3:Put*",
        "s3:Delete*"
      ],
      "Resource": [
        "arn:aws:s3:::<bucket_name>",
        "arn:aws:s3:::<bucket_name>/*"
      ]
    }
  ]
}
Replace <uid> and <username> with the appropriate values for your IAM user.
Replace <bucket_name> with the name of your S3 bucket.
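To review a bucket policy before pointing a backup or restore at it, the following added example (not part of the Armory documentation or tooling) reports which of the action families listed above a given principal is not granted. The function names, the sample account ID, user and bucket are constructed, and it assumes each family is needed on both the bucket ARN and the object ARN, as in the policy shown above.

```python
from fnmatch import fnmatchcase

# Action families this page lists for each process type.
REQUIRED = {
    "backup": ["s3:Put*", "s3:Get*", "s3:List*", "s3:Delete*"],
    "restore": ["s3:Get*", "s3:List*"],
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _covers(globs, wanted, fold=False):
    # A granted glob covers `wanted` when it matches that string taken literally:
    # "s3:*" and "s3:Put*" cover "s3:Put*", but "s3:PutObject" does not.
    if fold:  # IAM action names are case-insensitive
        globs, wanted = [g.lower() for g in globs], wanted.lower()
    return any(fnmatchcase(wanted, g) for g in globs)

def _allows(stmt, principal_arn, action, resource):
    if stmt.get("Effect") != "Allow":
        return False
    principal = stmt.get("Principal", {})
    arns = ["*"] if principal == "*" else _as_list(principal.get("AWS", []))
    return (_covers(arns, principal_arn)
            and _covers(_as_list(stmt.get("Action", [])), action, fold=True)
            and _covers(_as_list(stmt.get("Resource", [])), resource))

def missing_permissions(policy, principal_arn, bucket, mode):
    """Return the required (action, resource) pairs no Allow statement grants.
    Simplification: Deny statements and Condition blocks are not evaluated."""
    resources = [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"]
    statements = _as_list(policy["Statement"])
    return [(a, r) for a in REQUIRED[mode] for r in resources
            if not any(_allows(s, principal_arn, a, r) for s in statements)]

# Constructed sample: a restore-only bucket policy (account id, user, bucket made up).
USER = "arn:aws:iam::111122223333:user/armory-restore"
RESTORE_ONLY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Principal": {"AWS": USER},
        "Effect": "Allow",
        "Action": ["s3:Get*", "s3:List*"],
        "Resource": ["arn:aws:s3:::my-bucket", "arn:aws:s3:::my-bucket/*"],
    }],
}

if __name__ == "__main__":
    print("restore gaps:", missing_permissions(RESTORE_ONLY, USER, "my-bucket", "restore"))
    print("backup gaps: ", missing_permissions(RESTORE_ONLY, USER, "my-bucket", "backup"))
```

An empty result means every required family is allowed; a principal that only runs restores can be given the narrower Get/List policy and will show gaps only when checked in backup mode.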
Configuring a data retention policy
A retention policy to delete old data can be configured in a Backup.
Make sure the bucket has no lifecycle policy that could delete or move files, or it might interfere with Armory’s own bookkeeping.