AWS requirements for storing snapshots in an AWS S3 bucket - BlueCat Cloud Resolver - 1.4.1

BlueCat Cloud Resolver Administration Guide

If you are configuring Cloud Resolver in a high-availability cluster and storing the snapshot information in an AWS S3 bucket, you must configure the following IAM policies in AWS to provide read and write access to the objects in the S3 bucket. For information on creating IAM policies, refer to https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_create.html.

Cloud Resolver instances with the full role

If you are configuring a Cloud Resolver instance to operate with the full role, the Cloud Resolver instance must be able to read and write the snapshot in the S3 bucket.

Create an IAM policy that has the following permissions:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "ListObjectsInBucket",
            "Effect": "Allow",
            "Action": ["s3:ListBucket"],
            "Resource": ["arn:aws:s3:::<bucket-name>"]
        },
        {
            "Sid": "PutObject",
            "Effect": "Allow",
            "Action": "s3:*Object",
            "Resource": ["arn:aws:s3:::<bucket-name>/*"]
        }
    ]
}

In this policy, <bucket-name> represents the name of the S3 bucket that contains the snapshot. Once you have created the IAM policy, you must assign the policy to the Cloud Resolver IAM role. For more information, refer to https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_manage-attach-detach.html.

Cloud Resolver instances with the resolver role

If you are configuring a Cloud Resolver instance to operate with the resolver role, the Cloud Resolver instance must be able to read the snapshot in the S3 bucket.

Create an IAM policy that has the following permissions:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "ListObjectsInBucket",
            "Effect": "Allow",
            "Action": ["s3:ListBucket"],
            "Resource": ["arn:aws:s3:::<bucket-name>"]
        },
        {
            "Sid": "GetObject",
            "Effect": "Allow",
            "Action": "s3:*Object",
            "Resource": ["arn:aws:s3:::<bucket-name>/*"]
        }
    ]
}

In this policy, <bucket-name> represents the name of the S3 bucket that contains the snapshot. Once you have created the IAM policy, you must assign the policy to the Cloud Resolver IAM role. For more information, refer to https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_manage-attach-detach.html.
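Both policies above use the action pattern s3:*Object, which IAM matches against every S3 action whose name ends in "Object". The following Python check is an added example, not part of BlueCat's documentation: it expands that pattern and lists what each role is granted beyond the access the text describes. The S3_ACTIONS subset, the NEEDED sets and the function names are assumptions made for illustration.

```python
import fnmatch

# Constructed subset of real S3 actions; not the full service catalogue.
S3_ACTIONS = ["s3:ListBucket", "s3:GetObject", "s3:GetObjectVersion",
              "s3:GetObjectAcl", "s3:PutObject", "s3:PutObjectAcl",
              "s3:DeleteObject", "s3:DeleteObjectVersion",
              "s3:RestoreObject", "s3:ReplicateObject"]

def page_policy(sid):
    """Policy as printed on the page; only the Sid differs between the roles."""
    return {"Version": "2012-10-17", "Statement": [
        {"Sid": "ListObjectsInBucket", "Effect": "Allow",
         "Action": ["s3:ListBucket"], "Resource": ["arn:aws:s3:::<bucket-name>"]},
        {"Sid": sid, "Effect": "Allow",
         "Action": "s3:*Object", "Resource": ["arn:aws:s3:::<bucket-name>/*"]}]}

FULL_POLICY = page_policy("PutObject")
RESOLVER_POLICY = page_policy("GetObject")

# Assumption: the minimum each role needs, read from the page's wording
# ("read and write" for full, "read" for resolver). Not a BlueCat statement.
NEEDED = {"full": {"s3:ListBucket", "s3:GetObject", "s3:PutObject"},
          "resolver": {"s3:ListBucket", "s3:GetObject"}}

def granted_actions(policy):
    """Expand each Allow statement's Action patterns against S3_ACTIONS.
    Resource and Condition elements are not evaluated here."""
    granted = set()
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        patterns = stmt["Action"]
        if isinstance(patterns, str):      # IAM accepts a string or a list
            patterns = [patterns]
        for pat in patterns:
            # IAM action names are case-insensitive; '*' matches any characters.
            granted |= {a for a in S3_ACTIONS
                        if fnmatch.fnmatchcase(a.lower(), pat.lower())}
    return granted

def excess_actions(policy, role):
    """Actions the policy allows beyond what the role is described as needing."""
    return sorted(granted_actions(policy) - NEEDED[role])

if __name__ == "__main__":
    for role, policy in (("full", FULL_POLICY), ("resolver", RESOLVER_POLICY)):
        print(role, "grants beyond stated need:", excess_actions(policy, role))
```

If the extra actions matter in your environment, confirm with BlueCat which object actions each role actually requires before narrowing the policy.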