CloudBerry Backup with AWS IAM Users

CloudBerry Backup and CloudBerry Explorer provide users with an ability to leverage the Amazon Identity and Access Management (IAM) service that allows you to create multiple users for one AWS account and specify access rights for each user or the set of users.

Creating an Amazon IAM user with CloudBerry Explorer

Use CloudBerry Explorer PRO to create AWS IAM user. You can download a fully functional trial version here, it is free for 15 days.

To start you’ll need an Amazon Web Services account configured in CloudBerry Explorer. You can learn how to do that in our video tutorial.

Step 1. Open CloudBerry Explorer PRO, navigate on Access Manager (IAM) on the toolbar and select New Policy Wizard.

explorer_manage_iam

Step 2. Select an AWS account you are going to work with.

select_iam_wizard

Step 3. Create your IAM user and come up with a name for it.

new_iam_user_field

Step 4. Set up permissions for your IAM user. Just choose an appropriate option. For example, purposes we’ve chosen to grant read and write to selected buckets access to our AWS IAM user. Note: if you don’t want your user to see a list of all of your S3 buckets, uncheck the “Allow the user to access to AWS console” box. It will provide you with a better security level.

new_policy_wizard

Step 5. Select the buckets to be used in this access policy.

list_of_buckets_script

Step 6. Preview or modify the created access policy script.

script_iamYou can find the full policy script by switching to the Policy Script tab.

full_policy_script

In our example, the script looks like this:

{ 

    "Version":"2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket",
                "s3:GetBucketAcl",
                "s3:GetBucketVersioning",
                "s3:GetBucketRequestPayment",
                "s3:GetBucketLocation",
                "s3:GetBucketPolicy"  
            ],
            "Resource": [
                "arn:aws:s3:::alex_cloudberry",
                "arn:aws:s3:::alextestim",
                "arn:aws:s3:::test.cloudberry"
            ],
            "Condition": {}
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:GetObject",
                "s3:DeleteObject",
                "s3:DeleteObjectVersion",
                "s3:GetObjectAcl",
                "s3:GetObjectVersion",
                "s3:GetObjectVersionAcl",
                "s3:PutObject",
                "s3:PutObjectAcl",
                "s3:PutObjectVersionAcl"
            ],
            "Resource": [
                "arn:aws:s3:::alex_cloudberry/*",
                "arn:aws:s3:::alextestim/*",
                "arn:aws:s3:::test.cloudberry/*"
            ],
            "Condition": {}
        },
        {
            "Effect": "Allow",
            "Action": "s3:ListAllMyBuckets",
            "Resource": "*",
            "Condition": {}
        }
    ]
}

Step 7. Proceed with the Policy Wizard. After all the steps are completed you'll see the summary window. Now you’ve created your IAM user with limited permissions.

To let this new user backup with CloudBerry Backup, you need to create Access and Secret Keys for him. Follow the next instruction of this article to generate access keys!

Creating Access Keys

Step 1. Open CloudBerry Explorer PRO, navigate on Access Manager (IAM) on the toolbar and select Access Manager.

explorer_manage_iam_manage

Step 2. Choose your AWS account.select_iam_userStep 3. Right click on your AWS IAM user and choose Manage Access Keys.

manage_iam_option

Step 4. In the opened window, click the Create button. Access Key and Secret Key for your IAM user will be generated automatically.

access_key

Step 5. Сopy your credentials to clipboard or save it to a file.

New_Access_Key

Applying IAM keys to CloudBerry Backup

Step 1. Launch CloudBerry Backup, click on the Menu Icon in the upper-left corner and click on the Add New Account button.

new_iam_account_cbb

Step 2. In the "Select Cloud Storage" dialog, click on the Amazon S3 icon.

amazon_s3_icon

Step 3. Give your account a name in "Display Name" field (you can type any name you want), specify your "Access Key / Secret Key" pair and select a storage bucket from the "Bucket name" drop-down menu.

amazon_new_settings

Now your CloudBerry Backup user will have access with configured permissions only to a specified location in your S3 account.