IAM Role Support
Points to Note:
This article applies to enterprise users (dedicated/on-premise) only.
It does not apply to shared-instance users.
Introduction
To use AWS S3 as the storage environment for backing up your metadata and data objects, you must first configure it in the Vault application. To do so, add the following details in Vault:
AWS S3 bucket name
Access Key
Secret Key
AWS region
Taking things further, we've implemented support for IAM roles in our latest release. This allows IAM users to connect to an S3 bucket without entering an access key and secret key in the Vault application.
About IAM Role
Amazon's authentication system is flexible: in addition to standard cloud credentials, Amazon allows users to create IAM roles. An IAM role, like a user, is an AWS identity with authorization policies that define what the identity can and cannot do in AWS.
Prerequisites
An AWS account with S3 buckets.
An IAM user with IAM role permissions. For more information on how to create IAM roles, refer to the article here.
Configuring in Vault
Once you have logged in to your Vault account, go to Settings > Backup Environment.
Select AWS S3 as your Storage Type.
Provide a label of your choice (it need not be the same as your S3 bucket name).
Select the Role-based control for dedicated/On-Prem Instance checkbox.
Enter the name of your S3 bucket in the Bucket Name field.
Choose the default encryption method, i.e., AES-256 or AWS-KMS.
Click Save Settings.
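A pre-flight check for the steps above, added here as an example (not Vault's own code): it reads the JSON printed by `aws sts get-caller-identity` and `aws s3api get-bucket-encryption`, run on the Vault host, and reports whether the host is using an assumed role rather than static keys and whether the bucket's default encryption matches the method chosen in Vault. The function names, the sample account, role and user names, and the expectation that the two encryption settings should match are assumptions of this example.

```python
import json

# S3 API algorithm names for the two encryption choices on the Vault form.
VAULT_TO_S3_SSE = {"AES-256": "AES256", "AWS-KMS": "aws:kms"}

def parse_identity(caller_identity_json):
    """Classify the principal in `aws sts get-caller-identity` output."""
    arn = json.loads(caller_identity_json)["Arn"]
    parts = arn.split(":", 5)  # arn:partition:service:region:account:resource
    if len(parts) != 6 or parts[0] != "arn":
        raise ValueError(f"not an ARN: {arn!r}")
    service, account, resource = parts[2], parts[4], parts[5]
    kind, _, rest = resource.partition("/")
    role_based = service == "sts" and kind == "assumed-role"
    return {"role_based": role_based, "account": account,
            "role": rest.split("/")[0] if role_based else None}

def bucket_default_sse(bucket_encryption_json):
    """Return the default SSE algorithm from `aws s3api get-bucket-encryption`."""
    rules = json.loads(bucket_encryption_json)["ServerSideEncryptionConfiguration"]["Rules"]
    algos = {r["ApplyServerSideEncryptionByDefault"]["SSEAlgorithm"]
             for r in rules if "ApplyServerSideEncryptionByDefault" in r}
    if len(algos) != 1:
        raise ValueError(f"expected one default algorithm, found {sorted(algos)}")
    return algos.pop()

def preflight(caller_identity_json, bucket_encryption_json, vault_choice):
    """List what to fix before saving the role-based backup environment."""
    problems = []
    if not parse_identity(caller_identity_json)["role_based"]:
        problems.append("host credentials are not an assumed IAM role")
    actual = bucket_default_sse(bucket_encryption_json)
    # Assumption of this example: the bucket default should match the Vault choice.
    if actual != VAULT_TO_S3_SSE[vault_choice]:
        problems.append(f"bucket default is {actual}, Vault is set to {vault_choice}")
    return problems

# Constructed sample outputs (account, role and user names are placeholders).
SAMPLE_ROLE = '{"Account": "111122223333", "Arn": "arn:aws:sts::111122223333:assumed-role/vault-backup-role/i-0abc"}'
SAMPLE_USER = '{"Account": "111122223333", "Arn": "arn:aws:iam::111122223333:user/vault-backup"}'
SAMPLE_SSE_KMS = '{"ServerSideEncryptionConfiguration": {"Rules": [{"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "aws:kms"}}]}}'

if __name__ == "__main__":
    print(preflight(SAMPLE_ROLE, SAMPLE_SSE_KMS, "AWS-KMS"))
    print(preflight(SAMPLE_USER, SAMPLE_SSE_KMS, "AES-256"))
```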