If your bucket is private, you need to add the S3 IAM role to the bucket policy; otherwise, the bucket will not appear in the S3 listing. To enable access to private S3 buckets, follow these steps:
1. Retrieve the S3 IAM Role for the AWS Workloads (CloudRanger) account.
2. Open the S3 bucket and go to the Permissions tab.
3. Edit the bucket policy.
4. Add the following statement to the bucket policy.

    {
        "Version": "2012-10-17",
        "Id": "AllowCloudrangerBackup",
        "Statement": [
            {
                "Sid": "DenyAllExceptIAMRole",
                "Effect": "Deny",
                "Principal": "*",
                "Action": "s3:*",
                "Resource": [
                    "arn:aws:s3:::<bucket_name>",
                    "arn:aws:s3:::<bucket_name>/*"
                ],
                "Condition": {
                    "ArnNotEqualsIfExists": {
                        "aws:PrincipalArn": "arn:aws:iam::<acc_id>:role/cloudranger-s3-airgap-backup-<cr_acc_id>"
                    }
                }
            }
        ]
    }

5. Click Save changes.
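
The statement above is an explicit Deny on s3:* for every principal except the named role, so it is worth checking before saving which current users of the bucket it will cut off. The following pre-save check is an added example, not CloudRanger or AWS code: it merges the statement into an existing policy without dropping that policy's other statements and lists the callers the Deny would apply to. The bucket name, account IDs, existing policy and caller list are constructed sample values, and ARN comparison is assumed to be exact because the page's ARN contains no wildcards.

```python
import copy

def deny_statement(bucket, role_arn):
    """The page's statement with its placeholders filled in."""
    return {
        "Sid": "DenyAllExceptIAMRole",
        "Effect": "Deny",
        "Principal": "*",
        "Action": "s3:*",
        "Resource": [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"],
        "Condition": {"ArnNotEqualsIfExists": {"aws:PrincipalArn": role_arn}},
    }

def merge_statement(existing_policy, statement):
    """Add the statement to a copy of the current policy, keeping its other
    statements; a statement with the same Sid is replaced, not duplicated."""
    policy = copy.deepcopy(existing_policy) or {"Version": "2012-10-17", "Statement": []}
    current = policy["Statement"]
    current = [current] if isinstance(current, dict) else current
    policy["Statement"] = [s for s in current if s.get("Sid") != statement["Sid"]] + [statement]
    return policy

def is_denied(statement, principal_arn):
    """True if the Deny applies to this caller. None models a request with no
    aws:PrincipalArn key: IfExists makes the condition true, so it is denied.
    Assumption: exact ARN comparison, since the page's ARN has no wildcards."""
    allowed = statement["Condition"]["ArnNotEqualsIfExists"]["aws:PrincipalArn"]
    allowed = [allowed] if isinstance(allowed, str) else allowed
    return principal_arn is None or principal_arn not in allowed

def locked_out(statement, principals):
    """Principals from the list that lose access once the policy is saved."""
    return [p for p in principals if is_denied(statement, p)]

# Constructed sample values (account IDs, bucket and principals are made up).
ROLE = "arn:aws:iam::111122223333:role/cloudranger-s3-airgap-backup-444455556666"
EXISTING = {"Version": "2012-10-17", "Statement": [{
    "Sid": "AppRead", "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::111122223333:role/app-reader"},
    "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"}]}
CALLERS = [ROLE, "arn:aws:iam::111122223333:role/app-reader",
           "arn:aws:iam::111122223333:user/ops-admin", None]

if __name__ == "__main__":
    stmt = deny_statement("example-bucket", ROLE)
    print([s["Sid"] for s in merge_statement(EXISTING, stmt)["Statement"]])
    print(locked_out(stmt, CALLERS))
```

In the sample, the existing Allow for app-reader survives the merge but no longer grants access, because the explicit Deny takes precedence over it.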