Below is a guide on how to:
- Configure multiple users with limited access to an Amazon Glacier account using CloudBerry Explorer
- Generate individual Access and Secret Keys for each user in CloudBerry Explorer
- Configure CloudBerry Backup to use an AWS IAM user account
Use CloudBerry Explorer PRO to create an AWS IAM user. You can download a fully functional trial version, which is free for 15 days.
To start, you'll need an Amazon Web Services account configured in CloudBerry Explorer. Once an Amazon Glacier account is set up in CloudBerry Explorer, you can start creating your IAM user. Below are the steps to take:
1 Open CloudBerry Explorer PRO, go to “Access Manager (IAM)” and click “Access Manager”.
2 Select the Amazon Glacier account you are going to work with.
3 Create an IAM user by clicking on New User... button on the toolbar:
Type a username and click OK:
Note: you can create a group and use a group policy for every new user by assigning the user to the group (use New Group... toolbar button to create a group).
4 Set up permissions for the IAM user by clicking the New Policy... toolbar button.
Specify a policy name and, from the drop-down list, select the IAM user the policy should apply to.
Note: if you want to create a policy for a group, select Group in "Apply policy to" options.
To specify a policy script, click on Policy Script tab and copy-paste the following policy there:
{
  "Statement": [
    {
      "Effect": "Allow",
      "NotAction": "glacier:DeleteVault",
      "Resource": "arn:aws:glacier:YOURREGION:XXXXXXXXXXXX:vaults/YOURVAULT",
      "Condition": {}
    },
    {
      "Effect": "Allow",
      "Action": "glacier:*",
      "Resource": "arn:aws:glacier:YOURREGION:XXXXXXXXXXXX:vaults/YOURVAULT/*",
      "Condition": {}
    },
    {
      "Effect": "Allow",
      "Action": "glacier:ListVaults",
      "Resource": "arn:aws:glacier:*:XXXXXXXXXXXX:vaults/*",
      "Condition": {}
    }
  ]
}
These are the minimum permissions required for backup and restore with CloudBerry Backup: they grant your IAM user read/write access to a specific vault. Note: to get the ARN of your vault (arn:aws:glacier:YOURREGION:XXXXXXXXXXXX:vaults/YOURVAULT), right-click the vault in the left or right pane of CloudBerry Explorer and select Properties. The Vault ARN is shown there and can be copied:
Click OK to create a policy.
5 After all the steps are completed, to let this user back up with MSP360 Backup you have to create Access and Secret Keys for it.
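To see what the policy from step 4 actually grants, the following added example (not part of the original guide, and not CloudBerry or AWS code) evaluates its three statements against a few Glacier actions with a simplified model of IAM identity-policy evaluation. The region, account ID and vault names are constructed stand-ins for the guide's placeholders; conditions, resource policies and permission boundaries are not modelled.

```python
import re

# Constructed sample ARNs standing in for the page's YOURREGION / XXXXXXXXXXXX /
# YOURVAULT placeholders (assumptions, not values from the page).
VAULT = "arn:aws:glacier:us-east-1:111122223333:vaults/backup-vault"
OTHER = "arn:aws:glacier:us-east-1:111122223333:vaults/other-vault"

# The three statements from step 4 (empty "Condition" blocks omitted).
POLICY = {"Statement": [
    {"Effect": "Allow", "NotAction": "glacier:DeleteVault", "Resource": VAULT},
    {"Effect": "Allow", "Action": "glacier:*", "Resource": VAULT + "/*"},
    {"Effect": "Allow", "Action": "glacier:ListVaults",
     "Resource": "arn:aws:glacier:*:111122223333:vaults/*"},
]}

def wildcard_match(pattern, value, ignore_case=False):
    """IAM-style wildcards: '*' matches any run of characters, '?' exactly one."""
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                 for c in pattern)
    return re.fullmatch(rx, value, re.I if ignore_case else 0) is not None

def matches_any(patterns, value, ignore_case=False):
    patterns = [patterns] if isinstance(patterns, str) else patterns
    return any(wildcard_match(p, value, ignore_case) for p in patterns)

def is_allowed(policy, action, resource):
    """Explicit Deny wins, otherwise any matching Allow, otherwise implicit deny."""
    allowed = False
    for st in policy["Statement"]:
        if not matches_any(st["Resource"], resource):
            continue
        if "NotAction" in st:   # matches every action NOT listed
            hit = not matches_any(st["NotAction"], action, ignore_case=True)
        else:
            hit = matches_any(st["Action"], action, ignore_case=True)
        if hit and st["Effect"] == "Deny":
            return False
        allowed = allowed or hit
    return allowed

def audit(policy, checks):
    """Return {(action, resource): bool} for each (action, resource) pair."""
    return {c: is_allowed(policy, *c) for c in checks}

if __name__ == "__main__":
    checks = [("glacier:UploadArchive", VAULT), ("glacier:DeleteArchive", VAULT),
              ("glacier:SetVaultAccessPolicy", VAULT), ("glacier:DeleteVault", VAULT),
              ("glacier:UploadArchive", OTHER), ("glacier:ListVaults", OTHER)]
    for (action, res), ok in audit(POLICY, checks).items():
        print(f"{'ALLOW' if ok else 'deny ':5}  {action:30} {res.rsplit('/', 1)[-1]}")
```

Because the first statement combines Allow with NotAction, every action on the vault other than glacier:DeleteVault is permitted, including glacier:DeleteArchive and glacier:SetVaultAccessPolicy. Keep that in mind when deciding who receives the keys created in the next section.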
Creating Access Keys
1 In IAM Manager, right-click on your IAM user and select Manage Access Keys.
2 In the window that opens, click “Create”. An Access Key and Secret Key for your IAM user will be generated automatically.
3 Copy your credentials to the clipboard or save them to a file.
Applying IAM keys to MSP360 Backup
1 Open MSP360 Backup. In the “File” menu, choose the “Amazon Glacier” account:
2 Create a new account or edit the existing one.
3 In the window that opens, enter the Access and Secret Keys created earlier, then open the drop-down list of vaults and select the one you have been granted access to.
4 Your MSP360 Backup user will now have access, with the configured permissions, only to the specified location in your Amazon Glacier account.