{"id":5138,"date":"2014-08-26T18:15:26","date_gmt":"2014-08-26T14:15:26","guid":{"rendered":"http:\/\/www.msp360.com\/blog\/?p=5138"},"modified":"2021-12-29T11:35:19","modified_gmt":"2021-12-29T07:35:19","slug":"backup-with-aws-iam-users-for-amazon-glacier","status":"publish","type":"post","link":"https:\/\/www.msp360.com\/resources\/blog\/backup-with-aws-iam-users-for-amazon-glacier\/","title":{"rendered":"How to Configure IAM Users for Amazon Glacier"},"content":{"rendered":"<p>Below is a guide on how to:<\/p>\n<ul>\n<li>Configure multiple users with limited access to Amazon Glacier account using<a href=\"https:\/\/www.msp360.com\/explorer\/\"> CloudBerry Explorer<\/a><\/li>\n<li>Generate individual Access and Secret Keys for each user in CloudBerry Explorer<\/li>\n<li>\u0421onfigure <a href=\"https:\/\/www.msp360.com\/backup\/\">CloudBerry Backup<\/a> to use AWS IAM user account.<\/li>\n<\/ul>\n<p><!--more--><\/p>\n<div class=\"table-of-content \">\n\t\t\t\t<p>Table of Contents<\/p>\n\t\t\t\t<ul><\/ul>\n\t\t\t\t<\/div>\n<p>Use CloudBerry Explorer PRO to create <strong>AWS IAM user<\/strong>. You can download a <a href=\"https:\/\/www.msp360.com\/download-thanks.aspx?prod=cbes3pro\">fully functional trial version,<\/a>\u00a0it is free for 15 days.<\/p>\n<div class=\"call-to-action\">\n<div class=\"call-to-action__left\" style=\"width: 70%;\">\n<div class=\"call-to-action__tag\">FREE WHITEPAPER<\/div>\n<div class=\"call-to-action__title\">Mastering AWS IAM for Amazon S3<\/div>\n<div class=\"call-to-action__text\">Learn how to effectively manage the security of your Amazon S3 account to protect your and your clients' data<\/div>\n<!--HubSpot Call-to-Action Code --><span class=\"hs-cta-wrapper hs-cta-deferred\" id=\"hs-cta-wrapper-9120adb3-1267-4129-ad5a-d8f06b87d969\" data-portal=\"5442029\" data-id=\"9120adb3-1267-4129-ad5a-d8f06b87d969\"><span class=\"hs-cta-node hs-cta-9120adb3-1267-4129-ad5a-d8f06b87d969\" id=\"hs-cta-9120adb3-1267-4129-ad5a-d8f06b87d969\"><!--[if lte IE 8]><div id=\"hs-cta-ie-element\"><\/div><![endif]--><a href=\"https:\/\/cta-redirect.hubspot.com\/cta\/redirect\/5442029\/9120adb3-1267-4129-ad5a-d8f06b87d969\" target=\"_blank\" rel=\"noopener\"><img decoding=\"async\" class=\"hs-cta-img\" id=\"hs-cta-img-9120adb3-1267-4129-ad5a-d8f06b87d969\" style=\"border-width:0px;\" src=\"https:\/\/no-cache.hubspot.com\/cta\/default\/5442029\/9120adb3-1267-4129-ad5a-d8f06b87d969.png\" alt=\"CTA\"><\/a><\/span><\/span><!-- end HubSpot Call-to-Action Code -->\n<\/div>\n<div class=\"call-to-action__right\" style=\"width: 30%;\"><img decoding=\"async\" src=\"https:\/\/www.msp360.com\/resources\/wp-content\/uploads\/2019\/07\/Mastering-AWS-IAM-for-Amazon-S3.png\" alt=\"WP icon\" \/><\/div>\n<\/div>\n<p>To start you\u2019ll need an Amazon Web Services account configured in CloudBerry Explorer.\u00a0Having an Amazon Glacier account assigned with CloudBerry Explorer you can start creating your IAM user. Below are the steps you have to take:<\/p>\n<div class=\"steps\">\n<p><var>1<\/var> Open CloudBerry Explorer PRO, go to \u201cAccess Manager (IAM)\u201d and click on the \u201cAccess Manager\u201d.<img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-5141\" src=\"https:\/\/www.msp360.com\/resources\/wp-content\/uploads\/2014\/08\/11.png\" alt=\"1\" width=\"299\" height=\"95\" \/><\/p>\n<p><var>2<\/var> Select an Amazon Glacier account you are going to work with.<img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-5142\" src=\"https:\/\/www.msp360.com\/resources\/wp-content\/uploads\/2014\/08\/21.png\" alt=\"2\" width=\"463\" height=\"87\" srcset=\"https:\/\/www.msp360.com\/resources\/wp-content\/uploads\/2014\/08\/21.png 463w, https:\/\/www.msp360.com\/resources\/wp-content\/uploads\/2014\/08\/21-300x56.png 300w\" sizes=\"auto, (max-width: 463px) 100vw, 463px\" \/><\/p>\n<p><var>3<\/var> Create an IAM user by clicking on <strong>New User<\/strong>... button on the toolbar:<img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-5143\" src=\"https:\/\/www.msp360.com\/resources\/wp-content\/uploads\/2014\/08\/3.png\" alt=\"3\" width=\"307\" height=\"111\" srcset=\"https:\/\/www.msp360.com\/resources\/wp-content\/uploads\/2014\/08\/3.png 307w, https:\/\/www.msp360.com\/resources\/wp-content\/uploads\/2014\/08\/3-300x108.png 300w\" sizes=\"auto, (max-width: 307px) 100vw, 307px\" \/><\/p>\n<p>Type a username and click OK:<img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-5144\" src=\"https:\/\/www.msp360.com\/resources\/wp-content\/uploads\/2014\/08\/4.png\" alt=\"4\" width=\"408\" height=\"227\" srcset=\"https:\/\/www.msp360.com\/resources\/wp-content\/uploads\/2014\/08\/4.png 408w, https:\/\/www.msp360.com\/resources\/wp-content\/uploads\/2014\/08\/4-300x166.png 300w\" sizes=\"auto, (max-width: 408px) 100vw, 408px\" \/><\/p>\n<p><strong>Note:<\/strong> you can create a group and use a group policy for every new user by assigning the user to the group (use New Group... toolbar button to create a group).<\/p>\n<p><var>4<\/var> Set up permissions for the IAM user. Just click <strong>New Policy<\/strong>... toolbar button<img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-5145\" src=\"https:\/\/www.msp360.com\/resources\/wp-content\/uploads\/2014\/08\/5.png\" alt=\"5\" width=\"559\" height=\"324\" srcset=\"https:\/\/www.msp360.com\/resources\/wp-content\/uploads\/2014\/08\/5.png 559w, https:\/\/www.msp360.com\/resources\/wp-content\/uploads\/2014\/08\/5-300x173.png 300w\" sizes=\"auto, (max-width: 559px) 100vw, 559px\" \/><\/p>\n<p>Specify a policy name and select the IAM user from the drop-down list that you would like to set policy to.<\/p>\n<p><strong>Note:<\/strong> if you want to create a policy for a group, select Group in \"Apply policy to\" options.<\/p>\n<p>To specify a policy script, click on <strong>Policy Script<\/strong> tab and copy-paste the following policy there:<\/p>\n<div style=\"font-family: tahoma; color: blue; padding: 15px;\">{<br \/>\n\"Statement\": [<br \/>\n{<br \/>\n\"Effect\": \"Allow\",<br \/>\n\"NotAction\": \"glacier:DeleteVault\",<br \/>\n\"Resource\": \"arn:aws:glacier:YOURREGION:XXXXXXXXXXXX:vaults\/YOURVAULT\",<br \/>\n\"Condition\": {}<br \/>\n},<br \/>\n{<br \/>\n\"Effect\": \"Allow\",<br \/>\n\"Action\": \"glacier:*\",<br \/>\n\"Resource\": \"arn:aws:glacier:YOURREGION:XXXXXXXXXXXX:vaults\/YOURVAULT\/*\",<br \/>\n\"Condition\": {}<br \/>\n},<br \/>\n{<br \/>\n\"Effect\": \"Allow\",<br \/>\n\"Action\": \"glacier:ListVaults\",<br \/>\n\"Resource\": \"arn:aws:glacier:*:XXXXXXXXXXXX:vaults\/*\",<br \/>\n\"Condition\": {}<br \/>\n}<br \/>\n]<br \/>\n}<\/div>\n<p id=\"last\">This is minimum required permissions for backup\/restore using CloudBerry Backup - it grants read\/write access to a certain vault to your IAM user. <strong>Note:<\/strong> to get ARN address (arn:aws:glacier:YOURREGION:XXXXXXXXXXXX:vaults\/YOURVAULT) of your vault you can right-click on the vault being on left or right pane in CloudBerry Explorer and select Properties, then you will see Vault ARN (copy-paste it):<\/p>\n<div id=\"slidebox\"><a class=\"close\">\u00a0<\/a><!--HubSpot Call-to-Action Code --><span class=\"hs-cta-wrapper hs-cta-deferred\" id=\"hs-cta-wrapper-015aca63-e776-436f-9ef1-337ab4cf6692\" data-portal=\"5442029\" data-id=\"015aca63-e776-436f-9ef1-337ab4cf6692\"><span class=\"hs-cta-node hs-cta-015aca63-e776-436f-9ef1-337ab4cf6692\" id=\"hs-cta-015aca63-e776-436f-9ef1-337ab4cf6692\"><!--[if lte IE 8]><div id=\"hs-cta-ie-element\"><\/div><![endif]--><a href=\"https:\/\/cta-redirect.hubspot.com\/cta\/redirect\/5442029\/015aca63-e776-436f-9ef1-337ab4cf6692\" target=\"_blank\" rel=\"noopener\"><img decoding=\"async\" class=\"hs-cta-img\" id=\"hs-cta-img-015aca63-e776-436f-9ef1-337ab4cf6692\" style=\"border-width:0px;\" src=\"https:\/\/no-cache.hubspot.com\/cta\/default\/5442029\/015aca63-e776-436f-9ef1-337ab4cf6692.png\" alt=\"CTA\"><\/a><\/span><\/span><!-- end HubSpot Call-to-Action Code --><\/div>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-5146\" src=\"https:\/\/www.msp360.com\/resources\/wp-content\/uploads\/2014\/08\/6.png\" alt=\"6\" width=\"527\" height=\"315\" srcset=\"https:\/\/www.msp360.com\/resources\/wp-content\/uploads\/2014\/08\/6.png 527w, https:\/\/www.msp360.com\/resources\/wp-content\/uploads\/2014\/08\/6-300x179.png 300w\" sizes=\"auto, (max-width: 527px) 100vw, 527px\" \/><\/p>\n<p>Click OK to create a policy.<\/p>\n<p><var>5<\/var> After all the steps are completed, to let this user back up with MSP360 Backup you have to create Access and Secret Keys for it.<\/p>\n<\/div>\n<h2>Creating Access Keys<\/h2>\n<div class=\"steps\">\n<p><var>1<\/var> In IAM Manager, right-click on your IAM user and select <strong>Manage Access Keys.<img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-5147\" src=\"https:\/\/www.msp360.com\/resources\/wp-content\/uploads\/2014\/08\/7.png\" alt=\"7\" width=\"316\" height=\"272\" srcset=\"https:\/\/www.msp360.com\/resources\/wp-content\/uploads\/2014\/08\/7.png 316w, https:\/\/www.msp360.com\/resources\/wp-content\/uploads\/2014\/08\/7-300x258.png 300w\" sizes=\"auto, (max-width: 316px) 100vw, 316px\" \/><\/strong><\/p>\n<p><var>2<\/var> \u00a0In the opened window click \u201cCreate\u201d - Access Key and Secret Key for your IAM user will be generated automatically.<img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-5148\" src=\"https:\/\/www.msp360.com\/resources\/wp-content\/uploads\/2014\/08\/8.png\" alt=\"8\" width=\"413\" height=\"332\" srcset=\"https:\/\/www.msp360.com\/resources\/wp-content\/uploads\/2014\/08\/8.png 413w, https:\/\/www.msp360.com\/resources\/wp-content\/uploads\/2014\/08\/8-300x241.png 300w\" sizes=\"auto, (max-width: 413px) 100vw, 413px\" \/><\/p>\n<p><var>3<\/var> \u00a0\u0421opy your credentials to the clipboard or save it to a file.<img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-5149\" src=\"https:\/\/www.msp360.com\/resources\/wp-content\/uploads\/2014\/08\/9.png\" alt=\"9\" width=\"442\" height=\"376\" srcset=\"https:\/\/www.msp360.com\/resources\/wp-content\/uploads\/2014\/08\/9.png 442w, https:\/\/www.msp360.com\/resources\/wp-content\/uploads\/2014\/08\/9-300x255.png 300w\" sizes=\"auto, (max-width: 442px) 100vw, 442px\" \/><\/p>\n<\/div>\n<h2>Applying IAM keys to MSP360 Backup<\/h2>\n<div class=\"steps\">\n<p><var>1<\/var> \u00a0Open your MSP360 Backup. In the \u201cFile\u201d menu choose \u201cAmazon Glacier\u201c account:<img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-5150\" src=\"https:\/\/www.msp360.com\/resources\/wp-content\/uploads\/2014\/08\/10.png\" alt=\"10\" width=\"258\" height=\"113\" \/><\/p>\n<p><var>2<\/var> \u00a0Create a new account or edit the existing one.<img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-5151\" src=\"https:\/\/www.msp360.com\/resources\/wp-content\/uploads\/2014\/08\/111.png\" alt=\"11\" width=\"541\" height=\"468\" srcset=\"https:\/\/www.msp360.com\/resources\/wp-content\/uploads\/2014\/08\/111.png 541w, https:\/\/www.msp360.com\/resources\/wp-content\/uploads\/2014\/08\/111-300x259.png 300w\" sizes=\"auto, (max-width: 541px) 100vw, 541px\" \/><\/p>\n<p><var>3<\/var> \u00a0In the opened window insert previously created Access and Secret Keys and drop-down the list of vaults so that you can select the one you are granted to work with.<img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-5152\" src=\"https:\/\/www.msp360.com\/resources\/wp-content\/uploads\/2014\/08\/12.png\" alt=\"12\" width=\"444\" height=\"325\" srcset=\"https:\/\/www.msp360.com\/resources\/wp-content\/uploads\/2014\/08\/12.png 444w, https:\/\/www.msp360.com\/resources\/wp-content\/uploads\/2014\/08\/12-300x219.png 300w\" sizes=\"auto, (max-width: 444px) 100vw, 444px\" \/><\/p>\n<p><var>4<\/var> Now your MSP360 Backup user will have access with configured permissions only to a specified location in your Amazon Glacier account.<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Below is a guide on how to: Configure multiple users with limited access to Amazon Glacier account using CloudBerry Explorer Generate individual Access and Secret Keys for each user in CloudBerry Explorer \u0421onfigure CloudBerry Backup to use AWS IAM user account.<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[883,877],"tags":[],"class_list":["post-5138","post","type-post","status-publish","format-standard","hentry","category-backup-and-dr-articles","category-blog-articles"],"acf":[],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/posts\/5138","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/comments?post=5138"}],"version-history":[{"count":2,"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/posts\/5138\/revisions"}],"predecessor-version":[{"id":52703,"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/posts\/5138\/revisions\/52703"}],"wp:attachment":[{"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/media?parent=5138"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/categories?post=5138"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/tags?post=5138"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}