AWS S3 IAM Permissions for Office Backup

With IAM roles in AWS, you can access and control services. Managed M 365/Google backup needs several permissions to communicate with your Amazon S3 storage account. These permissions can be granted through an IAM role.

To grant permissions sufficient for M 365/Google backup, proceed as follows:

  1. Open your AWS Management Console.
  2. In Roles, click Create New Role.
  3. Click Create Policy.
  4. Click JSON, then paste the following policy:

     ```json
     {
       "Version": "2012-10-17",
       "Statement": [
         {
           "Effect": "Deny",
           "Action": "s3:DeleteBucket",
           "Resource": "*",
           "Condition": {}
         },
         {
           "Effect": "Allow",
           "Action": "s3:*",
           "Resource": "*",
           "Condition": {}
         },
         {
           "Effect": "Allow",
           "Action": "iam:SimulatePrincipalPolicy",
           "Resource": "*",
           "Condition": {}
         },
         {
           "Effect": "Allow",
           "Action": "s3:ListAllMyBuckets",
           "Resource": "*",
           "Condition": {}
         },
         {
           "Effect": "Allow",
           "Action": "ses:*",
           "Resource": "*",
           "Condition": {}
         },
         {
           "Effect": "Allow",
           "Action": "sns:*",
           "Resource": "*",
           "Condition": {}
         },
         {
           "Effect": "Allow",
           "Action": [
             "ec2:ImportInstance",
             "ec2:ImportImage",
             "ec2:DescribeInstances",
             "ec2:MonitorInstances",
             "ec2:RequestSpotInstances",
             "ec2:RunInstances",
             "ec2:StartInstances",
             "ec2:TerminateInstances",
             "ec2:ModifyInstanceAttribute",
             "ec2:CreateTags",
             "ec2:CancelImportTask",
             "ec2:StartInstances",
             "ec2:DescribeConversionTasks",
             "ec2:DescribeImportImageTasks",
             "ec2:ImportVolume",
             "ec2:DescribeAvailabilityZones",
             "ec2:DescribeSecurityGroups",
             "ec2:DescribeSubnets",
             "ec2:StopInstances",
             "ec2:DescribeKeyPairs",
             "ec2:DescribeImages",
             "ec2:ImportSnapshot",
             "ec2:DescribeImportSnapshotTasks",
             "ec2:CreateVolume",
             "ec2:CreateImage",
             "ec2:DescribeVolumes",
             "ec2:DescribeSnapshots",
             "ec2:DeleteSnapshot",
             "ec2:CreateSnapshot",
             "ec2:AttachVolume",
             "ec2:DeregisterImage"
           ],
           "Resource": "*",
           "Condition": {}
         }
       ]
     }
     ```

  5. Review the policy and click Create Policy.
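
To review what the policy above grants before attaching it, the following added example (not part of the original article or the vendor's tooling) evaluates requests against it using IAM's order of precedence: explicit deny, then allow, then implicit deny. It assumes an abbreviated copy of the policy, a hypothetical bucket name, and identity-based evaluation only (no conditions, bucket policies, SCPs or permission boundaries).

```python
import json
import re

# Constructed, abbreviated copy of the policy above: the EC2 action list is
# shortened and the empty "Condition": {} blocks are omitted.
POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Effect": "Deny",  "Action": "s3:DeleteBucket", "Resource": "*"},
  {"Effect": "Allow", "Action": "s3:*", "Resource": "*"},
  {"Effect": "Allow", "Action": "iam:SimulatePrincipalPolicy", "Resource": "*"},
  {"Effect": "Allow", "Action": "s3:ListAllMyBuckets", "Resource": "*"},
  {"Effect": "Allow", "Action": "ses:*", "Resource": "*"},
  {"Effect": "Allow", "Action": "sns:*", "Resource": "*"},
  {"Effect": "Allow", "Resource": "*",
   "Action": ["ec2:RunInstances", "ec2:TerminateInstances", "ec2:DeleteSnapshot"]}
]}
""")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _glob(pattern, value, ignore_case=False):
    # IAM wildcards: '*' matches any run of characters, '?' exactly one.
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, value, re.I if ignore_case else 0) is not None

def evaluate(policy, action, resource):
    """Return 'explicit-deny', 'allow' or 'implicit-deny' for one request."""
    decision = "implicit-deny"              # nothing matched yet
    for st in policy["Statement"]:
        # Action names are case-insensitive, resource ARNs are not.
        if not any(_glob(a, action, True) for a in _as_list(st["Action"])):
            continue
        if not any(_glob(r, resource) for r in _as_list(st["Resource"])):
            continue
        if st["Effect"] == "Deny":
            return "explicit-deny"          # a matching Deny always wins
        decision = "allow"
    return decision

def broad_grants(policy):
    """Wildcard actions allowed on every resource: candidates for scoping."""
    found = []
    for st in policy["Statement"]:
        if st["Effect"] == "Allow" and "*" in _as_list(st["Resource"]):
            found += [a for a in _as_list(st["Action"]) if "*" in a]
    return found

if __name__ == "__main__":
    bucket = "arn:aws:s3:::example-backup-bucket"   # hypothetical bucket name
    for act in ("s3:DeleteBucket", "s3:DeleteObject", "ec2:DeleteVolume"):
        print(act, "->", evaluate(POLICY, act, bucket))
    print("broad grants:", broad_grants(POLICY))
```

The only S3 action the explicit Deny blocks is `s3:DeleteBucket`; every other S3 action, including object deletion and bucket policy changes, is allowed on every bucket in the account by `s3:*` with `"Resource": "*"`.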