Before an Amazon S3 or Wasabi bucket can be used as an External Replication destination, the user permission policy must be set accordingly. The user must modify the user permission policy according to the steps below in order to allow Egnyte to replicate the data to a Amazon S3 or Wasabi bucket.
- For User Permission Policies, find the Identity and Access Management (IAM) Dashboard and navigate to Policies. It is recommended creating a policy specifically for Egnyte
- Create a new policy with the basic permissions listed here. Either choose JSON and copy-paste the JSON block below into the editor or choose Visual and select the necessary permissions. Be sure to replace {bucket_name} with the bucket’s name. Once created, assign the user this permissions policy. Create it with a name, so that it can be easily located later
{ "Version": "2012-10-17", "Statement": [ { "Sid": "VisualEditor0", "Effect": "Allow", "Action": [ "s3:PutObject", "s3:GetObject", "s3:ListBucket", "s3:DeleteObject", "s3:PutObjectAcl" "s3:GetBucketLocation", "s3:GetObjectAttributes", "s3:ListBucketMultipartUploads", "s3:ListMultipartUploadParts", "s3:AbortMultipartUpload" ], "Resource": [ "arn:aws:s3:::{bucket_name}", "arn:aws:s3:::{bucket_name}/*" ] }, { "Sid": "ListAllMyBucketsPolicy", "Effect": "Allow", "Action": [ "s3:ListAllMyBuckets", "s3:ListBucket" ], "Resource": [ "arn:aws:s3:::*" ] } ] } - Navigate to IAM > Users. Either create a new user for this policy or choose an existing user and add a policy to it.
- Go to permission policies for the user and choose Add permissions
- Add the permissions by attaching the policy to the user. Do this by searching for the policy previously created
- The Amazon S3 or Wasabi bucket can now be added as a Replication destination