Skip to content

use a bucket policy to grant permissions to access the bucket #1734

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 2 commits into from
Aug 14, 2024
Merged

use a bucket policy to grant permissions to access the bucket #1734

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
3017b4f
use a bucket policy to grant permissions to access the bucket
renetapopova Jul 19, 2024
634633e
apply suggestions from review
renetapopova Aug 6, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
44 changes: 37 additions & 7 deletions modules/ROOT/partials/aws-s3-credentials.adoc
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,7 +1,6 @@
. Ensure that the AWS CLI is installed and configured with the necessary credentials.
.. Install the AWS CLI by following the instructions in the AWS official documentation -- link:https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2.html[Install the AWS CLI version 2].
.. Use `aws configure` command to set your `aws_access_key_id` and `aws_secret_access_key` from AWS.
.. Create an S3 bucket and a directory to store the backup files using the AWS CLI:

. Install the AWS CLI by following the instructions in the AWS official documentation -- link:https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2.html[Install the AWS CLI version 2].
. Create an S3 bucket and a directory to store the backup files using the AWS CLI:
+
[source,shell]
----
Expand All @@ -10,7 +9,7 @@ aws s3api put-object --bucket myBucket --key myDirectory/
----
+
For more information on how to create a bucket and use the AWS CLI, see the AWS official documentation -- link:https://docs.aws.amazon.com/cli/latest/userguide/cli-services-s3-commands.html#using-s3-commands-prereqs[Use Amazon S3 with the AWS CLI] and link:https://docs.aws.amazon.com/cli/latest/userguide/cli-services-s3.html[Use high-level (s3) commands with the AWS CLI].
.. Verify that the `~/.aws/config` is correct by running the following command:
. Verify that the `~/.aws/config` file is correct by running the following command:
+
[source,shell]
----
Expand All @@ -21,9 +20,12 @@ The output should look like this:
[result,shell]
----
[default]
region=eu-north-1
region=us-east-1
----
.. Verify that the `~/.aws/credentials` is correct:
. Configure the access to your AWS S3 bucket by setting the `aws_access_key_id` and `aws_secret_access_key` in the `~/.aws/credentials` file and, if needed, using a bucket policy.
For example:

.. Use `aws configure set aws_access_key_id aws_secret_access_key` command to set your IAM credentials from AWS and verify that the `~/.aws/credentials` is correct:
+
[source,shell]
----
Expand All @@ -36,4 +38,32 @@ The output should look like this:
[default]
aws_access_key_id=this.is.secret
aws_secret_access_key=this.is.super.secret
----

.. Additionally, you can use a resource-based policy to grant access permissions to your S3 bucket and the objects in it.
Create a policy document with the following content and attach it to the bucket.
Note that both resource entries are important to be able to download and upload files.
+
[source, json]
----
{
"Version": "2012-10-17",
"Id": "Neo4jBackupAggregatePolicy",
"Statement": [
{
"Sid": "Neo4jBackupAggregateStatement",
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetObject",
"s3:PutObject",
"s3:DeleteObject"
],
"Resource": [
"arn:aws:s3:::myBucket/*",
"arn:aws:s3:::myBucket"
]
}
]
}
----