{"id":7,"date":"2016-05-08T12:35:00","date_gmt":"2016-05-08T08:35:00","guid":{"rendered":"http:\/\/yohoho.msp360.com\/?p=7"},"modified":"2024-10-02T13:24:21","modified_gmt":"2024-10-02T09:24:21","slug":"backup-with-iam-users","status":"publish","type":"post","link":"https:\/\/www.msp360.com\/resources\/blog\/backup-with-iam-users\/","title":{"rendered":"MSP360 Backup with AWS IAM Users"},"content":{"rendered":"
\n
\n

MSP360 Backup<\/a><\/strong> and MSP360 Explorer<\/a><\/strong> provide users with an ability to leverage the Amazon Identity and Access Management (IAM)<\/strong> service that allows you to create multiple users for one AWS account and specify access rights for each user or the set of users.<\/a> Creating an Amazon IAM user with MSP360 ExplorerUse MSP360 Explorer PRO to create AWS IAM user. You can download a fully functional trial version<\/a>, it is free for 15 days.<\/p>\n

To start you\u2019ll need an Amazon Web Services account configured in MSP360 Explorer. You can learn how to do that in our video tutorial<\/a>.<\/p>\n

\n

1<\/var>Open MSP360 Explorer PRO, navigate on Access Man<\/strong>ager (IAM)<\/strong> on the toolbar and select New Policy Wizard<\/strong>.
\n\"New<\/p>\n

2<\/var>Select an AWS account you are going to work with.
\n\"Select<\/p>\n

3<\/var>Create your IAM user and come up with a name for it.
\n\"Create<\/p>\n

4<\/var>Set up permissions for your IAM user. Just choose an appropriate option. For example, purposes we\u2019ve chosen to grant read and write to selected buckets access to our AWS IAM user. Note: if you don\u2019t want your user to see a list of all of your S3 buckets, uncheck the \u201cAllow the user to access to AWS console\u201d box. It will provide you with a better security level.
\n\"uncheck<\/p>\n

5<\/var>Select the buckets to be used in this access policy.\"Select<\/p>\n

6<\/var>Preview or modify the created access policy script.\"accessYou can find the full policy script by switching to the Policy Script <\/strong>tab.\"Policy In our example, the script looks like this:<\/p>\n

{ \r\n\r\n    \"Version\":\"2012-10-17\",\r\n    \"Statement\": [\r\n        {\r\n            \"Effect\": \"Allow\",\r\n            \"Action\": [\r\n                \"s3:ListBucket\",\r\n                \"s3:GetBucketAcl\",\r\n                \"s3:GetBucketVersioning\",\r\n                \"s3:GetBucketRequestPayment\",\r\n                \"s3:GetBucketLocation\",\r\n                \"s3:GetBucketPolicy\"  \r\n            ],\r\n            \"Resource\": [\r\n                \"arn:aws:s3:::alex_cloudberry\",\r\n                \"arn:aws:s3:::alextestim\",\r\n                \"arn:aws:s3:::test.cloudberry\"\r\n            ],\r\n            \"Condition\": {}\r\n        },\r\n        {\r\n            \"Effect\": \"Allow\",\r\n            \"Action\": [\r\n                \"s3:GetObject\",\r\n                \"s3:DeleteObject\",\r\n                \"s3:DeleteObjectVersion\",\r\n                \"s3:GetObjectAcl\",\r\n                \"s3:GetObjectVersion\",\r\n                \"s3:GetObjectVersionAcl\",\r\n                \"s3:PutObject\",\r\n                \"s3:PutObjectAcl\",\r\n                \"s3:PutObjectVersionAcl\"\r\n            ],\r\n            \"Resource\": [\r\n                \"arn:aws:s3:::alex_cloudberry\/*\",\r\n                \"arn:aws:s3:::alextestim\/*\",\r\n                \"arn:aws:s3:::test.cloudberry\/*\"\r\n            ],\r\n            \"Condition\": {}\r\n        },\r\n        {\r\n            \"Effect\": \"Allow\",\r\n            \"Action\": \"s3:ListAllMyBuckets\",\r\n            \"Resource\": \"*\",\r\n            \"Condition\": {}\r\n        }\r\n    ]\r\n}<\/pre>\n
7<\/var>Proceed with the Policy Wizard. After all the steps are completed you'll see the summary window. Now you\u2019ve created your IAM user with limited permissions. To let this new user backup with MSP360 Backup, you need to create Access and Secret Keys<\/strong> for him. Follow the next instruction of this article to generate access keys!<\/p>\n<\/div>\n
Creating Access Keys<\/b><\/h3>\n
\n
1<\/var>Open MSP360 Explorer PRO, navigate on Access Manager (IAM)<\/strong> on the toolbar and select Access Manager<\/strong>.
\n\"Access<\/p>\n
2<\/var>Choose your AWS account.\"Choose<\/p>\n
3<\/var>Right click on your AWS IAM user and choose Manage Access Keys<\/strong>.
\n\"Manage<\/p>\n
4<\/var>In the opened window, click the Create <\/strong>button. Access Key and Secret Key for your IAM user will be generated automatically.\"Create<\/a><\/p>\n
5<\/var>\u0421opy your credentials to clipboard or save it to a file.
\n\"\u0421opy<\/p>\n<\/div>\n
Applying IAM keys to MSP360 Backup<\/b><\/h3>\n
\n
1<\/var>Launch MSP360 Backup, click on the Menu Icon<\/strong> in the upper-left corner and click on the Add New Account <\/strong>button.
\n\"Add<\/p>\n
2<\/var>In the \"Select Cloud Storage\" dialog, click on the Amazon S3<\/strong> icon.
\n\""Select<\/p>\n
3<\/var>Give your account a name in \"Display Name\" field (you can type any name you want), specify your \"Access Key \/ Secret Key<\/strong>\" pair and select\u00a0a storage bucket from the \"Bucket name\" drop-down menu.
\n\""Access<\/p>\n<\/div>\n
Now your MSP360 Backup user will have access with configured permissions only to a specified location in your S3 account.<\/p>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"
MSP360 Backup and MSP360 Explorer provide users with an ability to leverage the Amazon Identity and Access Management (IAM) service that allows you to create multiple users for one AWS account and specify access rights for each user or the set of users.<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[877,894,882],"tags":[],"class_list":["post-7","post","type-post","status-publish","format-standard","hentry","category-blog-articles","category-msp360-backup","category-msp360-news"],"acf":[],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/posts\/7","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/comments?post=7"}],"version-history":[{"count":2,"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/posts\/7\/revisions"}],"predecessor-version":[{"id":58696,"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/posts\/7\/revisions\/58696"}],"wp:attachment":[{"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/media?parent=7"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/categories?post=7"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/tags?post=7"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}