BUCKET=<YOUR_BUCKET>
REGION=<YOUR_REGION>
# In us-east-1, omit --create-bucket-configuration; that region rejects a LocationConstraint.
aws s3api create-bucket \
    --bucket $BUCKET \
    --region $REGION \
    --create-bucket-configuration LocationConstraint=$REGION
Create the IAM user:
aws iam create-user --user-name <user-name>
For backup of multiple clusters with multiple S3 buckets, create a unique username per cluster.
Attach policies to give Appranix the necessary permissions:
cat > appranix-policy.json <<EOF
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "ec2:DescribeVolumes",
                "ec2:DescribeSnapshots",
                "ec2:CreateTags",
                "ec2:CreateVolume",
                "ec2:CreateSnapshot",
                "ec2:DeleteSnapshot"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:GetObject",
                "s3:DeleteObject",
                "s3:PutObject",
                "s3:AbortMultipartUpload",
                "s3:ListMultipartUploadParts"
            ],
            "Resource": [
                "arn:aws:s3:::${BUCKET}/*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket"
            ],
            "Resource": [
                "arn:aws:s3:::${BUCKET}"
            ]
        }
    ]
}
EOF
aws iam put-user-policy \
    --user-name <user-name> \
    --policy-name <policy-name> \
    --policy-document file://appranix-policy.json
Create an access key for the user:
aws iam create-access-key --user-name <user-name>
The result should look like:
{
    "AccessKey": {
        "UserName": "<user-name>",
        "Status": "Active",
        "CreateDate": "2022-01-31T12:21:11.516Z",
        "SecretAccessKey": <AWS_SECRET_ACCESS_KEY>,
        "AccessKeyId": <AWS_ACCESS_KEY_ID>
    }
}
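The heredoc above uses an unquoted EOF, so the shell expands ${BUCKET} when it writes appranix-policy.json; if BUCKET is unset in that shell, the S3 ARNs silently lose the bucket name. The following added example (not part of the Appranix documentation) checks a rendered policy before it is passed to put-user-policy; check_policy, render and the bucket name backups-prod are hypothetical names chosen for the illustration.

```python
import json

S3_ARN = "arn:aws:s3:::"

def _as_list(value):
    # IAM accepts either a single string or a list for Action/Resource/Statement.
    return value if isinstance(value, list) else [value]

def check_policy(policy_text, bucket):
    """Return (errors, notes) for a rendered policy document.

    errors: statements to fix before running `aws iam put-user-policy`.
    notes:  Allow statements on Resource "*" that a reviewer should sign off.
    """
    allowed = {S3_ARN + bucket, S3_ARN + bucket + "/*"}
    errors, notes = [], []
    for idx, stmt in enumerate(_as_list(json.loads(policy_text)["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action", []))
        resources = _as_list(stmt.get("Resource", []))
        for action in actions:
            if "*" in action:
                errors.append(f"statement {idx}: wildcard action {action!r}")
        if any(a.lower().startswith("s3:") or a == "*" for a in actions):
            # Every S3 grant must name exactly the backup bucket or its objects.
            for res in resources:
                if res not in allowed:
                    errors.append(f"statement {idx}: S3 resource {res!r} is not bucket {bucket!r}")
        elif "*" in resources:
            notes.append(f"statement {idx}: {len(actions)} action(s) allowed on every resource")
    return errors, notes

def render(bucket):
    # Constructed sample mirroring the EC2 and S3 statements of the page's policy,
    # rendered the way the heredoc would with the given $BUCKET value.
    return json.dumps({"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": ["ec2:DescribeVolumes", "ec2:CreateSnapshot"], "Resource": "*"},
        {"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject"],
         "Resource": [S3_ARN + bucket + "/*"]},
        {"Effect": "Allow", "Action": ["s3:ListBucket"], "Resource": [S3_ARN + bucket]},
    ]})

if __name__ == "__main__":
    # "backups-prod" is a constructed bucket name; "" models BUCKET being unset.
    for rendered_with in ("backups-prod", ""):
        errors, notes = check_policy(render(rendered_with), "backups-prod")
        print(repr(rendered_with), "errors:", errors, "notes:", notes)
```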