AWS/S3 compliant object store


Prerequisites

  • In AWS, create an IAM role with the following permissions:

    • ec2:DeleteSnapshot
    • ec2:DescribeInstances
    • ec2:CreateTags
    • ec2:CreateSnapshots
    • ec2:DescribeVolumes
    • ec2:CreateSnapshot
    • ec2:DescribeRegions
    • ec2:DescribeSnapshots
    • ec2:CreateVolume
  • Before you create a backup using a cloud account, make sure that either the bucket already exists or your credentials include permission to create a bucket. If the bucket does not already exist, you must add the s3:CreateBucket permission to your IAM role.

  • If Portworx is not yet installed on the cluster you wish to back up, you must add the following permissions to your IAM role:

    • s3:ListBucketMultipartUploads
    • s3:ListBucketVersions
    • s3:ListBucket
    • s3:GetBucketAcl
    • s3:ListMultipartUploadParts
    • s3:PutObject
    • s3:GetObjectAcl
    • s3:GetObject
    • s3:ListAllMyBuckets
    • s3:GetObjectVersionAcl
    • s3:DeleteObject
    • s3:PutObjectAcl
    NOTE: To configure object lock in Portworx Backup, you need to enable additional permissions for the IAM role. For more information, refer to Prerequisites in Create object lock enabled backups.
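
The permission lists above, assembled into one IAM policy document, as an added example that is not Portworx's own code. The action names come from this page; the bucket name `example-px-backup-bucket`, the statement IDs, the `arn:aws` partition and the scoping of the S3 actions to a single bucket are assumptions.

```python
import json

# Action lists copied from the Prerequisites section of this page.
EC2_ACTIONS = [
    "ec2:DeleteSnapshot", "ec2:DescribeInstances", "ec2:CreateTags",
    "ec2:CreateSnapshots", "ec2:DescribeVolumes", "ec2:CreateSnapshot",
    "ec2:DescribeRegions", "ec2:DescribeSnapshots", "ec2:CreateVolume",
]
S3_BUCKET_ACTIONS = [  # these act on the bucket itself
    "s3:ListBucketMultipartUploads", "s3:ListBucketVersions",
    "s3:ListBucket", "s3:GetBucketAcl",
]
S3_OBJECT_ACTIONS = [  # these act on objects inside the bucket
    "s3:ListMultipartUploadParts", "s3:PutObject", "s3:GetObjectAcl",
    "s3:GetObject", "s3:GetObjectVersionAcl", "s3:DeleteObject",
    "s3:PutObjectAcl",
]


def allow(sid, actions, resource):
    """One Allow statement; the Sid values are hypothetical labels."""
    return {"Sid": sid, "Effect": "Allow",
            "Action": actions, "Resource": resource}


def build_policy(bucket, bucket_exists=True, portworx_installed=True):
    """Return the policy document (dict) for one backup bucket."""
    bucket_arn = f"arn:aws:s3:::{bucket}"  # assumes the standard partition
    # EC2 statement uses "*": the Describe* actions cannot be limited
    # to specific resources.
    statements = [allow("PxBackupEc2", EC2_ACTIONS, "*")]
    if not bucket_exists:
        # Only needed when Portworx Backup has to create the bucket.
        statements.append(
            allow("PxBackupCreateBucket", ["s3:CreateBucket"], bucket_arn))
    if not portworx_installed:
        # ListAllMyBuckets is account-wide; the rest is scoped to the bucket.
        statements += [
            allow("PxBackupListBuckets", ["s3:ListAllMyBuckets"], "*"),
            allow("PxBackupS3Bucket", S3_BUCKET_ACTIONS, bucket_arn),
            allow("PxBackupS3Objects", S3_OBJECT_ACTIONS, bucket_arn + "/*"),
        ]
    return {"Version": "2012-10-17", "Statement": statements}


if __name__ == "__main__":
    print(json.dumps(build_policy("example-px-backup-bucket",
                                  bucket_exists=False,
                                  portworx_installed=False), indent=2))
```

The printed JSON can be attached to the IAM role as an inline or managed policy; with the default arguments only the EC2 statement is emitted.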

Add an AWS cloud account to Portworx Backup

Perform the following steps to add an AWS cloud account to Portworx Backup:

  1. From the home page, select Settings, Cloud Settings to open the cloud settings page:

  2. Select Add:

  3. Choose AWS / S3 Compliant Object Store from the drop-down list:

  4. Populate the fields in the Add Cloud Account page:

    • Enter a descriptive account name
    • In the Public Key field, add your S3 access key ID
    • In the Secret Key field, add your S3 secret access key

  5. Click Add.


Last edited: Tuesday, Nov 29, 2022