IAM Policy for OpsCenter backup to S3 user

让人想犯罪 __ posted on 2020-01-29 09:48:51

Question


Using OpsCenter 5.1.0 and trying to add S3 as a location for snapshot backups. What are the necessary permissions in AWS IAM for the opscenter user? So far, I have the following policy:

    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListAllMyBuckets",
                "s3:GetBucketLocation"
            ],
            "Resource": "arn:aws:s3:::*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket",
                "s3:GetBucketLocation"
            ],
            "Resource": [
                "arn:aws:s3:::cassandra-bkup"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:DeleteObject",
                "s3:GetObject",
                "s3:PutObject"
            ],
            "Resource": [
                "arn:aws:s3:::cassandra-bkup/*"
            ]
        }
    ]

but backups are still failing. In opscenterd.log, the following error is seen:

WARN: Marking request af93899e-ae89-4ada-8b3b-ef93d0272d61 as failed: {'sstables': {'reporting_test': {u'cards': {'total_size': 9829, 'total_files': 6, 'done_files': 0, 'errors': [u'{:cause :unknown-destination-provider, :message "Specified provider unknown."}', u'{:cause :unknown-destination-provider, :message "Specified provider unknown."}', u'{:cause :unknown-destination-provider, :message "Specified provider unknown."}', u'{:cause :unknown-destination-provider, :message "Specified provider unknown."}', u'{:cause :unknown-destination-provider, :message "Specified provider unknown."}', u'{:cause :unknown-destination-provider, :message "Specified provider unknown."}']}, etc, etc.

Backup to local server succeeds, however.


Answer 1:


After some trial and error, I found that the following policy worked:

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": [
                    "s3:ListAllMyBuckets",
                    "s3:GetBucketLocation"
                ],
                "Resource": "arn:aws:s3:::*"
            },
            {
                "Effect": "Allow",
                "Action": [
                    "s3:ListBucket",
                    "s3:GetBucketLocation",
                    "s3:GetBucketAcl"
                ],
                "Resource": [
                    "arn:aws:s3:::prod-bkup"
                ]
            },
            {
                "Effect": "Allow",
                "Action": [
                    "s3:DeleteObject",
                    "s3:GetObject",
                    "s3:PutObject"
                ],
                "Resource": [
                    "arn:aws:s3:::prod-bkup/*"
                ]
            }
        ]
    }

EDIT: added s3:GetBucketAcl as a required permission
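
Added example, not part of the original question or answer and not OpsCenter code: an offline check that lists which of the grants in the answer's working policy a candidate policy lacks, so a backup user's policy can be compared before it is attached. The helper names, the simplified evaluation (no Condition, NotAction or NotResource) and the request resources, including the object key, are assumptions made for illustration.

```python
import re

def _as_list(v):
    return v if isinstance(v, list) else [v]

def _match(pattern, value, flags=0):
    # IAM wildcards: '*' = any run of characters, '?' = exactly one character.
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, value, flags) is not None

def is_allowed(policy, action, resource):
    """Simplified evaluation: Action/Resource matching only; explicit Deny wins.
    Condition, NotAction, NotResource and other policy types are ignored."""
    allowed = False
    for st in _as_list(policy["Statement"]):
        hit = (any(_match(a, action, re.I) for a in _as_list(st.get("Action", [])))
               and any(_match(r, resource) for r in _as_list(st.get("Resource", []))))
        if hit and st["Effect"] == "Deny":
            return False
        allowed = allowed or (hit and st["Effect"] == "Allow")
    return allowed

def required_requests(bucket):
    """(action, resource) pairs covered by the policy the answer reports as working."""
    b = f"arn:aws:s3:::{bucket}"
    key = b + "/snapshots/example.db"  # constructed object key, for illustration only
    return ([("s3:ListAllMyBuckets", "arn:aws:s3:::*")]
            + [(a, b) for a in ("s3:GetBucketLocation", "s3:ListBucket", "s3:GetBucketAcl")]
            + [(a, key) for a in ("s3:DeleteObject", "s3:GetObject", "s3:PutObject")])

def missing_grants(policy, bucket):
    return [(a, r) for a, r in required_requests(bucket) if not is_allowed(policy, a, r)]

def build_policy(bucket, bucket_actions):
    """Rebuilds the three-statement layout used by both policies on the page."""
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": ["s3:ListAllMyBuckets", "s3:GetBucketLocation"],
         "Resource": "arn:aws:s3:::*"},
        {"Effect": "Allow", "Action": bucket_actions, "Resource": [f"arn:aws:s3:::{bucket}"]},
        {"Effect": "Allow", "Action": ["s3:DeleteObject", "s3:GetObject", "s3:PutObject"],
         "Resource": [f"arn:aws:s3:::{bucket}/*"]}]}

QUESTION_POLICY = build_policy("cassandra-bkup", ["s3:ListBucket", "s3:GetBucketLocation"])
ANSWER_POLICY = build_policy("prod-bkup",
                             ["s3:ListBucket", "s3:GetBucketLocation", "s3:GetBucketAcl"])

if __name__ == "__main__":
    print(missing_grants(QUESTION_POLICY, "cassandra-bkup"))
    print(missing_grants(ANSWER_POLICY, "prod-bkup"))
```

Run against the question's policy, the only pair reported is `s3:GetBucketAcl` on the bucket ARN, which is the permission the answer's EDIT adds.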



Source: https://stackoverflow.com/questions/29131437/iam-policy-for-opscenter-backup-to-s3-user
