The following article deals with configuring the AWS S3 bucket as a storage environment in your Vault account. To begin with, you will need an S3 bucket created in your AWS account.
How to create and configure AWS S3 bucket
- Log in to the AWS Console at https://aws.amazon.com/console/
- From the storage service, click on S3.
- Click on Create Bucket. The Create bucket page opens.
- Enter the Bucket name.The Bucket name must:
- Should be unique across the globe
- Be between 3 and 63 characters long.
- Not contain uppercase characters.
- Start with a lowercase letter or number.
- In Region, choose the AWS Region where you want the bucket to reside (keep a note of the AWS region chosen by you. For ex- us-east-2). This will come in handy when you configure the bucket in Vault.
- Choose Create bucket.
- Once you're done creating the bucket, go to the Properties tab.
- Click on Default Encryption and choose the second option i.e., AES-256.
- Click on the Save button.
- Next, search for IAM from the AWS Management console homepage.
- Click on Policies > Create policy.
- Switch to the JSON tab and paste the below text by replacing 'bucket_name' with the name of the bucket that was created in previous steps.
- Click on Review policy and provide a name to the policy.
- Click on Create policy.
- After the policy is created, go to the Users tab, and click on Add user.
- Enter an IAM username specific for Vault integration.
- Select the AWS access type as Programmatic access.
- Click on Next: Permissions to go to the next page.
- Click on Attach existing policies directly.
- Search for the policy created in Steps 10-14.
- Select the policy and click on Next: Tags.
- Skip to the last screen and click on Create user.
- Click on Download .CSV file for downloading the credentials (access key and secret key) to be configured in Vault.
Configuring in Vault
- Log in to your Vault account.
- Go to Settings > Backup Environment.
- Select AWS S3 as the Storage Type.
- Provide a label of your choice (Need not be the same as your S3 Bucket name).
- Enter the name of your s3 bucket in the Bucket Name field.
- Provide the Access key and Secret key by copying from the CSV file downloaded earlier (mentioned in Step 23).
- Select the region to be the same as the region provided for the bucket while creating in Step 5.
- Enable the checkbox: AES-256 Encryption
- Click on Save Settings.