Portworx

AWS/S3 compliant object store

Prerequisites

  • In AWS, create an IAM role with the following permissions:

    • ec2:DeleteSnapshot
    • ec2:DescribeInstances
    • ec2:CreateTags
    • ec2:CreateSnapshots
    • ec2:DescribeVolumes
    • ec2:CreateSnapshot
    • ec2:DescribeRegions
    • ec2:DescribeSnapshots
    • ec2:CreateVolume

  • When you try to create a backup using a cloud account, make sure either the bucket is already created, or your credentials include permissions to create a bucket. If a bucket is not already created, you must add the s3:CreateBucket permission to your IAM role.

  • If Portworx is not yet installed on the cluster you wish to back up, you must add the following permissions to your IAM role:

    • s3:ListBucketMultipartUploads
    • s3:ListBucketVersions
    • s3:ListBucket
    • s3:GetBucketAcl
    • s3:ListMultipartUploadParts
    • s3:PutObject
    • s3:GetObjectAcl
    • s3:GetObject
    • s3:ListAllMyBuckets
    • s3:GetObjectVersionAcl
    • s3:DeleteObject
    • s3:PutObjectAcl
    NOTE: To configure object lock in PX-Backup, you need to enable additional permissions for the IAM role. For more information, refer to Prerequisites in Create object lock enabled backups.

Add an AWS cloud account to PX-Backup

Perform the following steps to add an AWS cloud account to PX-Backup:

  1. From the home page, select Settings, Cloud Settings to open the cloud settings page:

    Cloud settings

  2. Select Add:

    Add new cloud account

  3. Choose AWS / S3 Compliant Object Store from the drop-down list:

    Select AWS

  4. Populate the fields in the Add Cloud Account page:

    • Enter a descriptive account name
    • In the Public Key field, add your S3 access key ID
    • In the Secret Key field, add your S3 secret access key

    Populate the fields

  5. Select the Add button

Last edited: Thursday, May 19, 2022
Questions? Visit the Portworx forum.