AWS S3 Target Permissions
Permissions required to add S3 as a target to T4K
To add AWS S3 (object storage) as a Target within T4K, users need specific access permissions on the bucket.
Implementation Step
Create the following Policy in AWS
Note: replace bucketname with the name of the S3 bucket.
Attach the policy to a user and collect the Access key ID and Secret access key, which the user has to provide while adding an AWS target.
Optional: If an AWS policy has been attached to the bucket, the bucket policy should be as follows:
Note: Alice is a user in root account 111122223333.
Security Settings:
To perform target browsing, privileged containers are required for both object storage and NFS storage. Refer to the official documentation: Pod Security Context
If the user has restricted privileged containers across backup and/or restore namespaces, the PodSecurityPolicy should be edited to allow privileged containers. Create or edit the PodSecurityPolicy with the necessary privileges. Save this configuration in a YAML file, for example, allow-privileged-psp.yaml:
Apply or update the PodSecurityPolicy in your cluster:
Next, create a ClusterRole that allows the use of the PodSecurityPolicy:
Apply the ClusterRole to your cluster:
Create a ClusterRoleBinding to bind the ClusterRole to the backup-namespace where you want to allow privileged containers:
Apply the ClusterRoleBinding to your cluster:
Make sure to adapt the configuration to your specific use case and security requirements. Please consult your system administrator before updating the PodSecurityPolicy.
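The three objects from the steps above, written as one added manifest; this is an illustration and not the vendor's own YAML. The object names other than the file name allow-privileged-psp.yaml, and the choice of subject group, are assumptions. PodSecurityPolicy (policy/v1beta1) is only available on clusters older than Kubernetes 1.25.

```yaml
# Added example, not the vendor's manifest. Object names and the subject
# group are assumptions; replace backup-namespace with your own namespace.
apiVersion: policy/v1beta1          # PSP API, removed in Kubernetes 1.25
kind: PodSecurityPolicy
metadata:
  name: allow-privileged-psp
spec:
  privileged: true                  # the setting target browsing depends on
  allowPrivilegeEscalation: true
  volumes: ['*']
  # The four rule blocks below are mandatory fields of a PSP spec.
  runAsUser:
    rule: RunAsAny
  seLinux:
    rule: RunAsAny
  supplementalGroups:
    rule: RunAsAny
  fsGroup:
    rule: RunAsAny
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: allow-privileged-psp-role
rules:
  - apiGroups: ['policy']
    resources: ['podsecuritypolicies']
    resourceNames: ['allow-privileged-psp']   # grants "use" on this PSP only
    verbs: ['use']
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: allow-privileged-psp-binding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: allow-privileged-psp-role
subjects:
  # Every service account in backup-namespace, and none outside it.
  - kind: Group
    apiGroup: rbac.authorization.k8s.io
    name: system:serviceaccounts:backup-namespace
```

Saved as allow-privileged-psp.yaml, the manifest is applied with kubectl apply -f allow-privileged-psp.yaml. Scoping the rule with resourceNames and the subject to one namespace's service accounts keeps the privileged policy from being usable by workloads elsewhere in the cluster.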