Backing up to a folder within an S3 bucket
-
When backing up to a folder within a bucket, i’ve found that BackWPup requires you give the IAM user the s3:ListBucket permission on the main bucket. I’ve chosen not to backup to it’s own separate bucket for reasons of my own.
In the event of a site compromise, someone could theoretically obtain the access keys i’ve entered and be able to traverse my entire bucket tree (even though they might not be able to download anything).
Would it be possible for BackWPup to go straight to bucketname/folder/ instead of first going to bucketname, and then changing to the folder, which is what i’m presuming it does because I need to give it access to the main bucket.
Example, I can’t just do this:
{
“Effect”: “Allow”,
“Action”: [“s3:*”],
“Resource”: [“arn:aws:s3:::bucketname/folder”, “arn:aws:s3:::bucketname/folder/*”]
}I need to also do this in addition to the above:
{
“Effect”: “Allow”,
“Action”: [“s3:GetBucketLocation”, “s3:ListBucket”, “s3:ListBucketMultipartUploads”, “s3:ListMultipartUploadParts”, “s3:AbortMultipartUpload”],
“Resource”: [ “arn:aws:s3:::bucketname”]
}
- The topic ‘Backing up to a folder within an S3 bucket’ is closed to new replies.