Add AWS/S3 cloud account

Prerequisites

• In AWS, create an IAM role with the following permissions:

  • ec2:DeleteSnapshot
  • ec2:DescribeInstances
  • ec2:CreateTags
  • ec2:CreateSnapshots
  • ec2:DescribeVolumes
  • ec2:CreateSnapshot
  • ec2:DescribeRegions
  • ec2:DescribeSnapshots
  • ec2:CreateVolume

• When you try to create a backup using a cloud account, make sure either the bucket is already created, or your credentials include permissions to create a bucket. If a bucket is not already created, you must add the s3:CreateBucket permission to your IAM role.

• If Portworx is not yet installed on the cluster you wish to back up, you must add the following permissions to your IAM role:

  • s3:ListBucketMultipartUploads
  • s3:ListBucketVersions
  • s3:ListBucket
  • s3:GetBucketAcl
  • s3:GetBucketObjectLockConfiguration
  • s3:ListMultipartUploadParts
  • s3:PutObject
  • s3:GetObjectAcl
  • s3:GetObject
  • s3:ListAllMyBuckets
  • s3:GetObjectVersionAcl
  • s3:DeleteObject
  • s3:PutObjectAcl
  note

  To configure object lock in Portworx Backup, you need to enable additional permissions for the IAM role. For more information, refer to Prerequisites in Create object lock enabled backups.

Add AWS/S3 cloud account to Portworx Backup

Perform the following steps to add an AWS cloud account to Portworx Backup:

1. From the home page, select Settings, Cloud Settings to open the cloud settings page:

   

2. Select Add:

   

3. Choose AWS / S3 Compliant Object Store from the drop-down list:

   

4. Populate the fields in the Add Cloud Account page:

   • Enter a descriptive account name
   • In the Public Key field, add your S3 access key ID
   • In the Secret Key field, add your S3 secret access key

   

5. Click Add.