UpdraftPlus Home › Forums › Paid support forum – UpdraftPlus backup plugin › Amazon Bucket Policy Failure
Tagged: amazon, bucket policy
- This topic has 5 replies, 2 voices, and was last updated 9 years, 9 months ago by Wayne.
-
AuthorPosts
-
February 3, 2015 at 6:31 pm #86782WayneParticipant
Hi,
I’m following the script here: https://updraftplus.com/faqs/what-settings-should-i-use-for-amazon-s3-and-how-should-i-configure-my-amazon-s3-account/ and using the policy provided, I’m getting a “Statement is missing required element – Statement “NO_ID-1” is missing “Principal” element” error. Was wondering if something has changed, but I’m not finding much out there on this error. I’ve used this for over 10 different site backups, but it’s been over a year since I’ve had to set another up.
Here is the statement I’m trying to apply:
{
“Statement”: [
{
“Effect”: “Allow”,
“Action”: [
“s3:ListBucket”,
“s3:GetBucketLocation”,
“s3:ListBucketMultipartUploads”
],
“Resource”: “arn:aws:s3:::website-backup-mywebsite.com”
},
{
“Effect”: “Allow”,
“Action”: [
“s3:AbortMultipartUpload”,
“s3:GetObject”,
“s3:GetObjectAcl”,
“s3:GetObjectVersion”,
“s3:GetObjectVersionAcl”,
“s3:PutObject”,
“s3:PutObjectAcl”,
“s3:PutObjectAclVersion”
],
“Resource”: “arn:aws:s3:::website-backup-mywebsite.com/*”
},
{
“Effect”: “Allow”,
“Action”: “s3:ListAllMyBuckets”,
“Resource”: “*”
}
]
}Any love?
February 3, 2015 at 6:48 pm #86787WayneParticipantInteresting. Using this: https://docs.aws.amazon.com/AmazonS3/latest/dev/example-bucket-policies.html I was able to modify it to the following to get it to work. Dropped the last “ListAllMyBuckets” statement, removed s3:PutObjectVersion, and added in some additional elements.
{
“Version”: “2012-10-17”,
“Id”: “123”,
“Statement”: [
{
“Sid”: “”,
“Effect”: “Allow”,
“Principal”: “*”,
“Action”: [
“s3:ListBucket”,
“s3:GetBucketLocation”,
“s3:ListBucketMultipartUploads”
],
“Resource”: “arn:aws:s3:::website-backup-mywebsite.com”
},
{
“Sid”: “”,
“Effect”: “Allow”,
“Principal”: “*”,
“Action”: [
“s3:AbortMultipartUpload”,
“s3:GetObject”,
“s3:GetObjectAcl”,
“s3:GetObjectVersion”,
“s3:GetObjectVersionAcl”,
“s3:PutObject”,
“s3:PutObjectAcl”
],
“Resource”: “arn:aws:s3:::website-backup-mywebsite.com/*”
}
]
}February 4, 2015 at 9:41 am #86994udadminKeymasterHi Wayne,
Thanks for the report. Have you confused a user policy with a bucket policy? The one on the UD FAQ page is a user policy, restricting what an Amazon IAM user can do; it sounds like you’ve pasted a bucket policy, restricting what can be done on a specific bucket – ?
Best wishes,
DavidFebruary 4, 2015 at 11:45 pm #87218WayneParticipantOMG
you’re absolutely right. *facepalm*
Thanks!
February 4, 2015 at 11:47 pm #87220udadminKeymasterWe’ve all done worse!
You may want to set up a user policy – additionally, if not instead – as this protects your other AWS resources against someone stealing your AWS keys from the website, if the website ever gets hacked.
David
February 5, 2015 at 12:27 am #87228WayneParticipantThat’s what I was doing originally, when I was rolling this out to all my sites. Each site gets it’s own user. It’s just been a while since I’ve needed to set this up again.
This time, I’m creating an Evernote entry for myself. lol
Love the tool. Best one in my collection that I use with every site I develop.
Wayne
-
AuthorPosts
- The topic ‘Amazon Bucket Policy Failure’ is closed to new replies.