Bug #73615 | Required S3 permissions not documented
---|---
Submitted: | 17 Aug 2014 18:30
Modified: | 6 Feb 2015 22:05
Reporter: | Daniël van Eeden (OCA)
Status: | Closed
Category: | MySQL Enterprise Backup Documentation
Severity: | S3 (Non-critical)
Version: | 3.10.2
OS: | Any
Assigned to: | Daniel So
CPU Architecture: | Any
Tags: | cloud, permissions, s3
[17 Aug 2014 18:30]
Daniël van Eeden
[17 Aug 2014 19:53]
Daniël van Eeden
This is probably the minimal required policy. Tested with 3.10.2. Replace my_meb_bucket with the actual bucket name.

-------------------------------------------
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt1408302840000",
      "Effect": "Allow",
      "Action": [
        "s3:GetObject",
        "s3:ListBucket",
        "s3:ListBucketMultipartUploads",
        "s3:PutObject"
      ],
      "Resource": [
        "arn:aws:s3:::my_meb_bucket/*"
      ]
    }
  ]
}
-------------------------------------------
[17 Aug 2014 19:54]
Daniël van Eeden
The permissions are listed here: http://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html
[18 Aug 2014 7:48]
MySQL Verification Team
Hello Daniël,

Thank you for the report.

Thanks,
Umesh
[6 Feb 2015 22:05]
Daniel So
Added the following explanation to the description of the --cloud-bucket option in the MySQL Enterprise Backup 3.10 and 3.11 manuals:

"
In order to perform cloud backups and restores with the bucket, the user identified by the --cloud-access-key-id option must have at least the following permissions on the bucket:

s3:ListBucket: For listing information on items in the bucket.
s3:ListBucketMultipartUploads: For listing multipart uploads in progress to the bucket.
s3:GetObject: For retrieving objects from the bucket.
s3:PutObject: For adding objects to the bucket.
"

The changes will be available in the next builds of the manuals.
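
A review check for policies built from the four permissions listed above, as an added example (not part of the bug report or the MySQL manual): in S3, s3:ListBucket and s3:ListBucketMultipartUploads apply to the bucket ARN, while s3:GetObject and s3:PutObject apply to object ARNs, so the check confirms each action is paired with the resource type it applies to and flags wildcards or extra actions. The names audit, classify and scoped_policy are illustrative, and my_meb_bucket is the placeholder from the report.

```python
import json

# S3 resource type that each action named on this page applies to.
BUCKET_ACTIONS = {"s3:ListBucket", "s3:ListBucketMultipartUploads"}
OBJECT_ACTIONS = {"s3:GetObject", "s3:PutObject"}
# The policy as posted in the report (my_meb_bucket is the page's placeholder).
POSTED_POLICY = json.loads("""{"Version": "2012-10-17", "Statement": [{
  "Sid": "Stmt1408302840000", "Effect": "Allow",
  "Action": ["s3:GetObject", "s3:ListBucket",
             "s3:ListBucketMultipartUploads", "s3:PutObject"],
  "Resource": ["arn:aws:s3:::my_meb_bucket/*"]}]}""")

def as_list(value):
    return value if isinstance(value, list) else [value]

def classify(arn):
    """'wild' if the bucket name itself is wildcarded, else 'object' or 'bucket'."""
    name, slash, _ = arn.split(":::", 1)[-1].partition("/")
    if "*" in name or "?" in name:
        return "wild"
    return "object" if slash else "bucket"

def audit(policy):
    """Return (sid, item, problem) tuples for the Allow statements of a policy."""
    findings = []
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "")
        kinds = {r: classify(r) for r in as_list(stmt["Resource"])}
        findings += [(sid, r, "wildcard-resource") for r, k in kinds.items() if k == "wild"]
        covered = {"bucket", "object"} if "wild" in kinds.values() else set(kinds.values())
        for action in as_list(stmt["Action"]):
            if "*" in action:
                findings.append((sid, action, "wildcard-action"))
            elif action in BUCKET_ACTIONS and "bucket" not in covered:
                findings.append((sid, action, "needs-bucket-arn"))
            elif action in OBJECT_ACTIONS and "object" not in covered:
                findings.append((sid, action, "needs-object-arn"))
            elif action not in BUCKET_ACTIONS | OBJECT_ACTIONS:
                findings.append((sid, action, "not-in-documented-set"))
    return findings

def scoped_policy(bucket):
    """The same four actions, each attached to the resource type it applies to."""
    arn = "arn:aws:s3:::" + bucket
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": sorted(BUCKET_ACTIONS), "Resource": [arn]},
        {"Effect": "Allow", "Action": sorted(OBJECT_ACTIONS), "Resource": [arn + "/*"]}]}
```

Run over POSTED_POLICY, audit reports the two listing actions as lacking a bucket ARN; the policy returned by scoped_policy("my_meb_bucket") produces no findings.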