IAM Role Support

Point to Note:

  • This article is applicable for enterprise users (dedicated/on-premise) only.

  • Not applicable for shared instances users.


To use AWS S3 as your storage environment to backup your metadata and data objects, you will need to configure in the Vault application first. To configure, you will need to add the below details in Vault:

  • AWS S3 bucket name

  • Access Key

  • Secret Key

  • AWS region

Taking things further, we've implemented support for IAM role in our latest release. This will allow IAM users to connect to S3 bucket without need to input access key and secret keys in our Vault application.

About IAM Role

Amazon's authentication system is incredibly flexible. That is, in addition to standard cloud credentials, Amazon allows users to create IAM roles. An IAM role, like a user, is an AWS identity with authorization policies that define what the identity can and cannot do in AWS.


  • AWS Account with S3 buckets.

  • IAM user with IAM role permissions. For more information on how to create IAM roles, refer to the article here.

Configuring in Vault

  1. Once you logged into your Vault account, go to Settings > Backup Environment.

  2. Select AWS S3 as your Storage Type.

  3. Provide a label of your choice (Need not be the same as your S3 Bucket name).

  4. You will need to enter the name of your s3 bucket in the Bucket Name field.

  5. Choose the default encryption method i.e., AES-256 or AWS-KMS.

  6. Click Save Settings.

Last updated