Set up your Backup storage bucket in Amazon S3

Prior to attempting these steps, please ensure that you have a valid AWS Billing account and the permissions necessary to create or manage Users, Buckets, Policies and optionally KMS keys.

See here for more information on Cloud Storage pricing.

Bucket Setup

Create a User

In this section we will create a user using the AWS console.

  1. Open the AWS console and using the search box, search for the text IAM. In the search results, select the IAM Service and you will navigate to the IAM Dashboard.
  2. On the left hand navigation select Users.
  3. Click the Create User button.
  4. Enter the User name you require and click Next
  5. Do not select a User group and click Next
  6. Click Create user
  7. Locate the user in the user list and click on them to view their properties
  8. Click the Create access key link
  9. Select the option Application running outside AWS and click Next
  10. Optionally provide a description tag
  11. Click Create access key
  12. Note the Access key and Secret access key values for use in CloudM Backup
  13. Click Done

Create an Encryption Key (Optional)

In this section we will optionally create a KMS Key using the AWS console. Please note, this step is not required in order to use Amazon S3 with CloudM Backup. All S3 buckets are encrypted by default. This step just allows use of a custom key.

  1. Open the AWS console and using the search box, search for the text KMS. In the search results, select Key Management Service and you will navigate to the Customer managed keys page.
  2. Click the Create key button.
  3. On the Configure key page set the following options:
    1. Key type = Symmetric
    2. Key usage = Encrypt and Decrypt
    3. Advanced options -> Key material origin = KMS
    4. Advanced options -> Regionality = Single-region key
  4. Click the Next button
  5. Add an Alias and optionally a Description
  6. Click the Next button
  7. Select any additional Key administrators you require
  8. Click the Next button
  9. Select the User added in the previous section as a Key user
  10. Click the Next button
  11. Click Finish
  12. Locate the new key and Note its Amazon Resource Name (ARN)

Create a Bucket

In this section we will create a bucket using the AWS console.

  1. Open the AWS console and using the search box, search for the text S3. In the search results, select S3 and you will navigate to the S3 list page.
  2. Click the Create bucket button.
  3. Enter a valid Bucket name. Be aware this needs to be globally unique and conform to the rules for bucket naming.
  4. Select the AWS Region which conforms to the list of supported regions for Backup.
  5. Leave the Object Ownership, Public Access and Bucket Versioning settings unchanged
  6. If using your own Encryption Key from the optional section above
    1. Select Encryption type = SSE-KMS
    2. Select Choose from your AWS KMS keys
    3. Pick the encryption key you created in the previous section
  7. Otherwise leave Encryption type = SSE-S3
  8. Click Create bucket
  9. Locate the bucket you have created and Note its ARN

Create a Policy

In this section we will create a policy using the AWS console.

  1. Open the AWS console and using the search box, search for the text IAM. In the search results, select the IAM Service and you will navigate to the IAM Dashboard.
  2. On the left hand navigation select Policies.
  3. Click the Create policy button.
  4. Click the JSON button
  5. If you have chosen to use a custom KMS key for server side encryption replace the placeholders in the following JSON and paste into the Permissions defined in this policy text area.
  6. Otherwise, replace the placeholders in the following JSON and paste into the Permissions defined in this policy text area.
  7. Click Next
  8. Enter a Policy name and optionally a Description
  9. Click Create policy
  10. Locate the policy you have created. You may need to filter by type Customer managed
  11. Click the policy to view its properties
  12. Select the tab Entities attached
  13. In the section titled Attached as a permissions policy, click the Attach button
  14. Locate the user you created, select them and click the Attach policy button

CloudM Backup Amazon S3 storage bucket requirements

Your CloudM Backup storage bucket needs to be either US or Europe and it has to be in the same region as your Google Workspace Tenant. It cannot be the same bucket that you use for CloudM Archive.

Supported Amazon S3 regions

us-east-2

us-east-1

us-west-1

us-west-2

ca-central-1

eu-central-1

eu-west-1

eu-west-2

eu-south-1

eu-west-3

eu-north-1

eu-south-2

eu-central-2

Was this article helpful?
0 out of 1 found this helpful