How do I configure AWS S3 permissions for backups?

To give Beanstalk access to your AWS S3 bucket for custom backups, follow the steps below.

Create new IAM User

In the IAM Management Console on Amazon, click Create New User and follow on-screen instructions.

Full access (attach Managed Policy)

For the user you just created, click Attach Policy under Managed Policies. Select AmazonS3FullAccess from the list of policies and submit the form. This will give Beanstalk full access to your S3 account, which is more than enough for Beanstalk to perform backups.

If you wish to restrict Beanstalk's access only to a specific bucket instead of the entire account, see instructions below.

Partial access (create an Inline Policy)

If you wish to restrict Beanstalk's access to a specific bucket, attach an inline policy to the IAM user you just created. Click Create User Policy on the user page, then select Custom Policy, then paste the following text in the text area. Replace INSERT_YOUR_BUCKET_NAME with the bucket name you have previously created, and submit the form:

{
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:*"
            ],
            "Resource": [
                "arn:aws:s3:::INSERT_YOUR_BUCKET_NAME",
                "arn:aws:s3:::INSERT_YOUR_BUCKET_NAME/*"
            ]
        }
    ]
}

Still need help? Contact Us Contact Us