Granular User Policy for Wasabi

This granular policy includes the minimal set of permissions required to use all of the Backup software’s functionality, including backing up, restore, retention policy, immutability and backup data deletion.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:ListBucket",
        "s3:GetBucketLocation",
        "s3:GetBucketVersioning",
        "s3:ListBucketMultipartUploads",
        "s3:ListBucketVersions",
        "s3:DeleteObject",
        "s3:DeleteObjectVersion",
        "s3:GetBucketObjectLockConfiguration",
        "s3:PutBucketObjectLockConfiguration"
      ],
      "Resource": "arn:aws:s3:::mybucket"
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:AbortMultipartUpload",
        "s3:ListMultipartUploadParts",
        "s3:DeleteObject",
        "s3:DeleteObjectVersion",
        "s3:GetObject",
        "s3:GetObjectVersion",
        "s3:PutObject",
        "s3:PutObjectRetention"
      ],
      "Resource": "arn:aws:s3:::bucket_name/"
    },
    {
      "Effect": "Allow",
      "Action": "s3:ListAllMyBuckets",
      "Resource": ""
    }
  ]
}

Make sure to replace “bucket_name” with the name of the target bucket.

Create User Policy for Wasabi User Account

In Wasabi Management Console create the user policy using the above suggestion.

To associate a policy with the user, perform the following:

  1. In Wasabi Management console click Users in the Wasabi menu on the left of the screen. Find the user you want to associate the policy with.
  2. Check whether the user access in configured as follows:
  • Programmatic (create API key)

-OR-

  • Console (Wasabi Management Console access)
  1. Click in the Attach Policy To User area and attach the newly created policy defined for your account. You can enter text to find a specific policy. For details refer to Wasabi Documentation.
https://git.cloudberrylab.com/egor.m/doc-help-mbs.git