Set Amazon S3 access policy to minimum permission

For security reasons, most admins prefer to create accounts with minimum privileges for any system.
So, now you might wonder how to create a user for the Amazon S3 service that has the minimum permissions needed to back up databases with SQLBackupAndFTP to a certain bucket and folder. It’s quite easy…

You just have to connect to your AWS Console and create a group. After that, specify a policy for the group and add a user to the group. Below are the detailed steps you have to take:

    • Log into AWS Console

In order to log into your AWS Console just go to the following link https://console.aws.amazon.com/console/home and log in with your e-mail and password.

If you do not have a user just select “I am a new user” which will take you through all the steps of creating a new user.

After logging in, you will see the navigation bar which will have a few menu items on it, at the top of your page. Looking at the right side, click your name and then go to the menu called “My Security Credentials”.

You might get a pop-up message saying “You are accessing the configuration page for your root account credentials.” Go on and click “Get Started with IAM Users” in order to set up your security credentials.

On the left side of the page you will see a few items: “Groups”, “Users”, “Roles”, “Password Policy”. Let’s start by creating a group with a security policy.

    • Create a security policy

To create a policy, click “Policies” in the left pane and create a new policy by clicking the “Create Policy” button.

At this point, we can enter a policy name and manually specify its characteristics. You can find a good user guide here. But, we’re aiming for a specific situation, so we can use this policy document:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": [
        "s3:PutObject",
        "s3:GetObject",
        "s3:AbortMultipartUpload",
        "s3:DeleteObject",
        "s3:GetObjectVersion",
        "s3:ListMultipartUploadParts"
      ],
      "Resource": "arn:aws:s3:::test.pranas.net/*"
    },
    {
      "Sid": "VisualEditor1",
      "Effect": "Allow",
      "Action": [
        "s3:GetObject",
        "s3:ListBucketMultipartUploads",
        "s3:ListBucket",
        "s3:GetBucketVersioning",
        "s3:GetBucketLocation"
      ],
      "Resource": [
        "arn:aws:s3:::test.pranas.net/*",
        "arn:aws:s3:::test.pranas.net"
      ]
    },
    {
      "Sid": "VisualEditor2",
      "Effect": "Allow",
      "Action": [
        "s3:ListAllMyBuckets",
        "s3:HeadBucket"
      ],
      "Resource": "*"
    }
  ]
}

Be aware that backup/sql/ is the path to your backup files in the yourbucketname bucket.
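The policy document above allows its object actions on every key in test.pranas.net, while the note refers to a backup/sql/ folder in yourbucketname. The following added example (not from the original article or from SQLBackupAndFTP) builds a policy with the same bucket and object actions limited to that folder and checks it with a simplified evaluator. The function names, Sids and sample keys are made up for illustration, it assumes the client lists the bucket with the folder as prefix, and the account-wide statement (VisualEditor2) is not repeated.

```python
import json
from fnmatch import fnmatchcase

def scoped_policy(bucket, prefix):
    """Same S3 actions as the policy above, limited to one folder (key prefix)."""
    prefix = prefix.strip("/") + "/"
    bucket_arn = f"arn:aws:s3:::{bucket}"
    return {"Version": "2012-10-17", "Statement": [
        {"Sid": "ObjectsUnderPrefix", "Effect": "Allow",   # hypothetical Sid
         "Action": ["s3:PutObject", "s3:GetObject", "s3:GetObjectVersion",
                    "s3:DeleteObject", "s3:AbortMultipartUpload",
                    "s3:ListMultipartUploadParts"],
         "Resource": f"{bucket_arn}/{prefix}*"},
        # ListBucket is a bucket-level action, so it is narrowed with the
        # s3:prefix condition key. It gets its own statement because the
        # other bucket-level requests do not carry that key.
        {"Sid": "ListOnlyPrefix", "Effect": "Allow",
         "Action": "s3:ListBucket", "Resource": bucket_arn,
         "Condition": {"StringLike": {"s3:prefix": [prefix + "*"]}}},
        {"Sid": "BucketMetadata", "Effect": "Allow",
         "Action": ["s3:GetBucketLocation", "s3:GetBucketVersioning",
                    "s3:ListBucketMultipartUploads"],
         "Resource": bucket_arn},
    ]}

def as_list(value):
    return value if isinstance(value, list) else [value]

def allows(policy, action, arn, list_prefix=None):
    """Simplified check, not the real IAM engine: Allow statements, wildcard
    matching, and only the StringLike s3:prefix condition. No Deny handling."""
    for st in policy["Statement"]:
        if st["Effect"] != "Allow":
            continue
        if not any(fnmatchcase(action, a) for a in as_list(st["Action"])):
            continue
        if not any(fnmatchcase(arn, r) for r in as_list(st["Resource"])):
            continue
        patterns = st.get("Condition", {}).get("StringLike", {}).get("s3:prefix")
        if patterns is None or (list_prefix is not None and any(
                fnmatchcase(list_prefix, p) for p in as_list(patterns))):
            return True
    return False

if __name__ == "__main__":
    policy = scoped_policy("yourbucketname", "backup/sql/")
    print(json.dumps(policy, indent=2))
    for key in ("backup/sql/db.bak", "other/file.txt"):  # constructed sample keys
        arn = f"arn:aws:s3:::yourbucketname/{key}"
        print(key, "PutObject allowed:", allows(policy, "s3:PutObject", arn))
```

The printed JSON can be pasted into the policy editor in place of the first two statements; keep the path entered in SQLBackupAndFTP identical to the prefix used here.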

    • Create a User

In order to create a new user, select “Users”, which you can find on the left side of the AWS Console, and then choose “Add Users”.

A new window will open. Go through 5 simple steps to create a user.

Step 1. Enter the username. Let’s assume it’s called sqlbackupandftp-s3

Step 2. Click on the “Attach existing policies directly” tab and choose the policy that was created earlier

Step 3. Add tags (optional)

Step 4. Review the settings

Step 5. The policy is successfully set for the user. Now you can use an Access key ID and a Secret access key to connect SQLBackupAndFTP to your Amazon S3.

Backup to Amazon S3 with SQLBackupAndFTP

This section describes how to back up your database to the Amazon S3 service.

Backing up a database to Amazon S3 is available in both the Professional version of SQLBackupAndFTP and the premium version. The Free version of SQLBackupAndFTP will allow you to use this feature only during trial mode.

In order to select the database that you want to back up, click the “plus” button in the “Store backups in selected destinations” section and choose the option corresponding to Amazon S3 in the popup window.

After this step, you will have to enter your Access Key and your Secret Key, which you already have since you saved them after creating the backup user for your Amazon S3 service. Also, add the name of the bucket and the path where your backups will be stored on Amazon’s S3 service.

Please remember to enter the correct path for where the backups will be placed, the one that you have allowed to be used for backups using AWS Console.

After all this has been set up, continue by clicking the “Save & Close” button. You now have a job that can be used to back up your databases to your backup destination on Amazon S3. At this point you can run the job by pressing the “Run Now” button.

This will trigger a popup window that will display the events that occur during the job, the progress of the job, and the success or failure of execution.