In this guide you’ll learn how to set up your AWS account so that Vawlt can use your own Amazon S3 service as one of your volume’s cloud providers.
To achieve this, you need to create an IAM user with the permissions Vawlt requires to manage buckets and files. Vawlt will use this user to authenticate its requests and manage resources inside your AWS account.
1 – Go to the Amazon IAM service;
2 – Go to the Add users page;
3 – Type a user name and select the Access Key credential type. After the user is created, this option generates an access key and a secret key that Vawlt will use to authenticate requests on your behalf.
4 – Press the Create Policy button to create a new policy with the minimum required permissions so that Vawlt can fully operate.
5 – Regarding S3 permissions, Vawlt requires permission to execute ListBucket, GetObject, CreateBucket, DeleteBucket, DeleteObject and PutObject operations.
To restrict Vawlt’s read/write capabilities to the minimum required, specify the resources on which these operations can be executed.
Type vawlt* in the bucket name and * in the object name to allow Vawlt to manage all objects inside buckets whose names start with the string vawlt.
6 – Regarding IAM permissions, Vawlt requires permission to execute ListAccessKeys, ListAttachedUserPolicies, ListPolicies, GetPolicy, GetPolicyVersion, CreateAccessKey, CreateUser, DeleteAccessKey, DeleteUser, AttachUserPolicy, CreatePolicy, CreatePolicyVersion, DeletePolicy, DeletePolicyVersion and DetachUserPolicy. All these permissions are required to isolate access to S3 objects, so that a Vawlt user can only access the objects that belong to their own Vawlt volumes.
Once more, use vawlt* in the policy and user paths to allow Vawlt to manage only the policies and users whose names start with the string vawlt.
7 – Currently, Vawlt does not make use of the AWS Tags feature, so you can move on to the Review page.
8 – Give a name to the new policy (in our case we named it vawlt-policy) and press the Create Policy button.
9 – Now that we have created the policy, we can proceed with the user creation process. Select the newly created policy, which attaches it to the user we are creating, and move on to the next page.
10 – Once more, Vawlt currently does not make use of the AWS Tags feature, so you can move on to the Review page.
11 – Press the Create User button to conclude the user creation.
12 – Save the generated access key and secret key somewhere safe.
13 – Finally, go to Vawlt Platform and insert the generated credentials.
If everything was done correctly, Vawlt will be able to authenticate with the created user’s credentials, and make use of your AWS account to store Vawlt’s data.
Note that some AWS regions are disabled by default. Make sure to enable the disabled regions if you intend to create volumes in all of the regions that Vawlt provides.
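The policy from steps 5 and 6, written out as a JSON policy document, with a check that lists any action not confined to the vawlt prefix. This is an added example, not Vawlt's own code: the account ID is a constructed placeholder, the helper names are hypothetical, and the split of IAM actions between user and policy resources follows the resource type each action operates on.

```python
import json

ACCOUNT_ID = "123456789012"  # constructed placeholder, replace with your account ID
PREFIX = "vawlt*"            # name prefix used in steps 5 and 6

# Actions listed in steps 5 and 6, grouped by the resource type each one acts on.
S3_BUCKET = ["ListBucket", "CreateBucket", "DeleteBucket"]
S3_OBJECT = ["GetObject", "PutObject", "DeleteObject"]
IAM_USER = ["ListAccessKeys", "ListAttachedUserPolicies", "CreateAccessKey", "CreateUser",
            "DeleteAccessKey", "DeleteUser", "AttachUserPolicy", "DetachUserPolicy"]
IAM_POLICY = ["GetPolicy", "GetPolicyVersion", "CreatePolicy", "CreatePolicyVersion",
              "DeletePolicy", "DeletePolicyVersion"]

def as_list(value):
    return value if isinstance(value, list) else [value]

def statement(service, actions, resource):
    return {"Effect": "Allow",
            "Action": [f"{service}:{a}" for a in actions],
            "Resource": resource}

def build_policy(account_id=ACCOUNT_ID):
    """Hypothetical helper: policy document equivalent to steps 5 and 6."""
    iam = f"arn:aws:iam::{account_id}"
    return {"Version": "2012-10-17", "Statement": [
        statement("s3", S3_BUCKET, f"arn:aws:s3:::{PREFIX}"),
        statement("s3", S3_OBJECT, f"arn:aws:s3:::{PREFIX}/*"),
        statement("iam", IAM_USER, f"{iam}:user/{PREFIX}"),
        statement("iam", IAM_POLICY, f"{iam}:policy/{PREFIX}"),
        # iam:ListPolicies cannot be limited to specific resources, so it needs "*".
        statement("iam", ["ListPolicies"], "*"),
    ]}

def unscoped_actions(policy):
    """Return Allow actions granted on a resource outside the vawlt prefix."""
    found = []
    for st in policy["Statement"]:
        if st["Effect"] != "Allow":
            continue
        for arn in as_list(st["Resource"]):
            name = arn.split(":", 5)[-1]        # resource part of the ARN
            for kind in ("user/", "policy/"):   # drop the IAM resource type
                if name.startswith(kind):
                    name = name[len(kind):]
            if not name.startswith("vawlt"):
                found.extend(as_list(st["Action"]))
    return found

if __name__ == "__main__":
    print(json.dumps(build_policy(), indent=2))
    print("not prefix-scoped:", unscoped_actions(build_policy()))
```

Running the same check against the JSON tab of the policy you created in the console shows whether a resource field was left at its default of all resources.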