# Amazon AWS S3 Storage Environment The following article deals with configuring the AWS S3 bucket as a storage environment in your Vault account. To begin with, you will need an S3 bucket created in your AWS account. ### How to create and configure AWS S3 bucket 1. Log in to the AWS Console at 2. From the storage service, click on **S3**.

3. Click on **Create Bucket**. The **Create bucket** page opens.

4. Enter the **Bucket name**.The Bucket name must: * Should be unique across the globe * Be between 3 and 63 characters long. * Not contain uppercase characters. * Start with a lowercase letter or number. 5. In **Region**, choose the AWS Region where you want the bucket to reside (keep a note of the AWS region chosen by you. *For ex- us-east-2*). This will come in handy when you configure the bucket in Vault. 6. Choose **Create bucket**.

7. Once you're done creating the bucket, go to the **Properties** tab. 8. Click on **Default Encryption** and choose the second option i.e., **AES-256**. 9. Click on the **Save** button.

10. Next, search for **IAM** from the **AWS Management console** homepage. 11. Click on **Policies > Create policy**.

12. Switch to the **JSON** tab and paste the below text by replacing '**bucket\_name'** with the name of the bucket that was created in previous steps. ``` { "Version": "2012-10-17", "Statement": [ { "Action": [ "s3:ListAllMyBuckets" ], "Effect": "Allow", "Resource": [ "arn:aws:s3:::*" ] }, { "Effect": "Allow", "Action": "s3:*", "Resource": [ "arn:aws:s3:::bucket_name", "arn:aws:s3:::bucket_name/*" ] }, { "Effect": "Deny", "NotAction": "s3:*", "NotResource": [ "arn:aws:s3:::bucket_name", "arn:aws:s3:::bucket_name/*" ] } ] } ```

13. Click on **Review policy** and provide a name to the policy. 14. Click on **Create policy**. 15. After the policy is created, go to the **Users** tab, and click on **Add user**.

16. Enter an IAM username specific for Vault integration. 17. Select the **AWS access type** as **Programmatic access.** 18. Click on **Next: Permissions** to go to the next page.

19. Click on **Attach existing policies directly.**

20. Search for the policy created in *Steps 10-14.* 21. Select the policy and click on **Next: Tags.** 22. Skip to the last screen and click on **Create user**. 23. Click on **Download .CSV file** for downloading the credentials (access key and secret key) to be configured in Vault. ### Configuring in Vault 1. Log in to your Vault account. 2. Go to **Settings > Backup Environment.** 3. Select **AWS S3** as the **Storage Type**. 4. Provide a **label** of your choice (Need not be the same as your S3 Bucket name). 5. Enter the name of your s3 bucket in the **Bucket Name** field. 6. Provide the **Access key** and **Secret key** by copying from the CSV file downloaded earlier (mentioned in *Step 23*). 7. Select the region to be the same as the region provided for the bucket while creating in *Step 5*. 8. Enable the checkbox: **AES-256 Encryption** 9. Click on **Save Settings**.

--- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://knowledgebase.autorabit.com/product-guides/vault/configuring-vault/configure-backup-environment/amazon-aws-s3-storage-environment.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.