Blog Articles
Read MSP360’s latest news and expert articles about MSP business and technology
CloudBerry Backup featured image

MSP360 Backup with AWS IAM Users

MSP360 Backup with AWS IAM Users

MSP360 Backup and MSP360 Explorer provide users with an ability to leverage the Amazon Identity and Access Management (IAM) service that allows you to create multiple users for one AWS account and specify access rights for each user or the set of users. Creating an Amazon IAM user with MSP360 ExplorerUse MSP360 Explorer PRO to create AWS IAM user. You can download a fully functional trial version, it is free for 15 days.

To start you’ll need an Amazon Web Services account configured in MSP360 Explorer. You can learn how to do that in our video tutorial.

1Open MSP360 Explorer PRO, navigate on Access Manager (IAM) on the toolbar and select New Policy Wizard.
New Policy Wizard

2Select an AWS account you are going to work with.
Select an AWS account

3Create your IAM user and come up with a name for it.
Create your IAM user

4Set up permissions for your IAM user. Just choose an appropriate option. For example, purposes we’ve chosen to grant read and write to selected buckets access to our AWS IAM user. Note: if you don’t want your user to see a list of all of your S3 buckets, uncheck the “Allow the user to access to AWS console” box. It will provide you with a better security level.
uncheck the “Allow the user to access to AWS console” box

5Select the buckets to be used in this access policy.Select the buckets

6Preview or modify the created access policy script.access policy scriptYou can find the full policy script by switching to the Policy Script tab.Policy Script tab In our example, the script looks like this:

{ 

    "Version":"2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket",
                "s3:GetBucketAcl",
                "s3:GetBucketVersioning",
                "s3:GetBucketRequestPayment",
                "s3:GetBucketLocation",
                "s3:GetBucketPolicy"  
            ],
            "Resource": [
                "arn:aws:s3:::alex_cloudberry",
                "arn:aws:s3:::alextestim",
                "arn:aws:s3:::test.cloudberry"
            ],
            "Condition": {}
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:GetObject",
                "s3:DeleteObject",
                "s3:DeleteObjectVersion",
                "s3:GetObjectAcl",
                "s3:GetObjectVersion",
                "s3:GetObjectVersionAcl",
                "s3:PutObject",
                "s3:PutObjectAcl",
                "s3:PutObjectVersionAcl"
            ],
            "Resource": [
                "arn:aws:s3:::alex_cloudberry/*",
                "arn:aws:s3:::alextestim/*",
                "arn:aws:s3:::test.cloudberry/*"
            ],
            "Condition": {}
        },
        {
            "Effect": "Allow",
            "Action": "s3:ListAllMyBuckets",
            "Resource": "*",
            "Condition": {}
        }
    ]
}

7Proceed with the Policy Wizard. After all the steps are completed you'll see the summary window. Now you’ve created your IAM user with limited permissions. To let this new user backup with MSP360 Backup, you need to create Access and Secret Keys for him. Follow the next instruction of this article to generate access keys!

Creating Access Keys

1Open MSP360 Explorer PRO, navigate on Access Manager (IAM) on the toolbar and select Access Manager.
Access Manager

2Choose your AWS account.Choose your AWS account

3Right click on your AWS IAM user and choose Manage Access Keys.
Manage Access Keys

4In the opened window, click the Create button. Access Key and Secret Key for your IAM user will be generated automatically.Create button

5Сopy your credentials to clipboard or save it to a file.
Сopy your credentials

Applying IAM keys to MSP360 Backup

1Launch MSP360 Backup, click on the Menu Icon in the upper-left corner and click on the Add New Account button.
Add New Account button

2In the "Select Cloud Storage" dialog, click on the Amazon S3 icon.
"Select Cloud Storage" dialog

3Give your account a name in "Display Name" field (you can type any name you want), specify your "Access Key / Secret Key" pair and select a storage bucket from the "Bucket name" drop-down menu.
"Access Key / Secret Key" pair

Now your MSP360 Backup user will have access with configured permissions only to a specified location in your S3 account.

author avatar
Alexander N
Alexander is the director of marketing at MSP360 and has been an important member of the company since its inception. He is an expert in IT marketing and has extensive knowledge of cloud storage services. Alexander cooperates with cloud vendors, MSPs, VARs and communicates the market needs and trends to our team.
MSP360 Managed Backup.
Simple. Reliable.
Powerful cross-platform backup and disaster recovery that leverages the public cloud to enable a comprehensive data protection strategy.
New call-to-action
MBS CTA image