IAM Role Support
Introduction
Vault supports AWS S3 as a storage environment to back up your metadata and data objects. Traditionally, users had to provide:
AWS S3 Bucket Name
Access Key
Secret Key
AWS Region
However, Vault now supports IAM Roles, allowing users to connect to S3 buckets without manually entering access or secret keys.
About IAM Role
An IAM Role in AWS is an identity with specific permissions policies. Unlike IAM users, roles do not require long-term credentials and are used to delegate access securely.
IAM Roles are ideal for:
Temporary credentials
Access control delegation
Enhanced security practices
For more information, refer to the AWS IAM Roles documentation.
Prerequisites
To configure IAM Role support in Vault, you need:
An active AWS account with access to S3 buckets
An IAM user with permissions to assume roles and access S3
Configuring in Vault
Log in to your Vault account.
Navigate to Settings > Backup Environment.
Set Storage Type to AWS S3.
Enter a Label Name (this is a user-defined reference name).
Enable the checkbox: "Role-based control for dedicated/On-Prem Instance"

Enter the S3 Bucket Name in the corresponding field.
Select an encryption method: either AES-256 or AWS-KMS.
Click Save Settings to complete the configuration.