Enable private S3 buckets

Updated this week

If your bucket is private, you need to attach the S3 IAM role to the bucket policy; otherwise, the bucket will not appear in the S3 listing. To enable access to private S3 buckets, follow these steps:

  1. Retrieve the S3 IAM Role for the AWS Workloads (CloudRanger) account.

    1. Go to AWS Account > IAM > Roles.

    2. Search using the CloudRanger Account ID.

    3. Copy the ARN of the S3 Airgap Backup Role.


  2. Open the S3 bucket and go to the Permissions tab.

  3. Edit the bucket policy.

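  4. Add the following statement to the bucket policy. Replace <bucket_name> with the name of the bucket and set aws:PrincipalArn to the role ARN copied in step 1. The statement denies all S3 actions on the bucket to every principal except that role.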
    {
      "Version": "2012-10-17",
      "Id": "AllowCloudrangerBackup",
      "Statement": [
        {
          "Sid": "DenyAllExceptIAMRole",
          "Effect": "Deny",
          "Principal": "*",
          "Action": "s3:*",
          "Resource": [
            "arn:aws:s3:::<bucket_name>",
            "arn:aws:s3:::<bucket_name>/*"
          ],
          "Condition": {
            "ArnNotEqualsIfExists": {
              "aws:PrincipalArn": "arn:aws:iam::<acc_id>:role/cloudranger-s3-airgap-backup-<cr_acc_id>"
            }
          }
        }
      ]
    }

  5. Click Save changes.
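
The following is an added example, not CloudRanger's or AWS's own code: it merges the Deny statement from step 4 into an existing bucket policy instead of overwriting it, and lists which principals the statement would block, since it denies `s3:*` to everyone other than the backup role. The account IDs, bucket name, `ADMIN_ROLE` and all function names are constructed for illustration, and wildcard matching is simplified to the whole ARN string.

```python
import copy
import fnmatch

# Constructed sample values (not from a real account).
BUCKET = "example-private-bucket"
BACKUP_ROLE = "arn:aws:iam::111122223333:role/cloudranger-s3-airgap-backup-444455556666"
ADMIN_ROLE = "arn:aws:iam::111122223333:role/ExampleBucketAdmin"

def deny_statement(bucket, allowed_arns):
    """Build the article's DenyAllExceptIAMRole statement for one bucket."""
    return {
        "Sid": "DenyAllExceptIAMRole",
        "Effect": "Deny",
        "Principal": "*",
        "Action": "s3:*",
        "Resource": [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"],
        "Condition": {"ArnNotEqualsIfExists": {"aws:PrincipalArn": list(allowed_arns)}},
    }

def merge_statement(existing, statement):
    """Copy `existing`, replacing any statement with the same Sid and keeping the rest."""
    policy = copy.deepcopy(existing) if existing else {"Version": "2012-10-17"}
    current = policy.get("Statement", [])
    if isinstance(current, dict):  # IAM also accepts a single statement object
        current = [current]
    policy["Statement"] = [s for s in current if s.get("Sid") != statement["Sid"]] + [statement]
    return policy

def denied_principals(policy, principal_arns):
    """Return the ARNs blocked by Deny statements that use ArnNotEqualsIfExists.

    Simplification: '*' and '?' are matched over the whole ARN string, and the
    statement's Action and Resource are assumed to cover the request.
    """
    blocked = []
    for stmt in policy["Statement"]:
        cond = stmt.get("Condition", {}).get("ArnNotEqualsIfExists", {})
        allowed = cond.get("aws:PrincipalArn")
        if stmt.get("Effect") != "Deny" or allowed is None:
            continue
        allowed = [allowed] if isinstance(allowed, str) else allowed
        for arn in principal_arns:
            if arn not in blocked and not any(fnmatch.fnmatchcase(arn, p) for p in allowed):
                blocked.append(arn)
    return blocked

if __name__ == "__main__":
    merged = merge_statement(None, deny_statement(BUCKET, [BACKUP_ROLE]))
    print(denied_principals(merged, [BACKUP_ROLE, ADMIN_ROLE]))
```

Run `denied_principals` against the roles and users that administer the bucket before saving the policy, so that any resulting loss of access is a deliberate choice.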
