S3 role connection on object storage

[sankler.bergman]

Hello, im having security issues as we growth in tenants that we send backup jobs to an S3 bucket

On VBR console we only have the option to add an key and secret informations but doesnt allow me to add trought an role instead

[sfirmes]

Sankler,

Thanks for reaching out. You can control what role(s) the user has via IAM policies. Here is an example of an IAM policy that can be used with VBR. Example IAM policy

Hope this helps.

Steve

[sankler.bergman]

but steve as you can on these kind of policy is that we have to implicit let them to deleteobjects, so if you have the power throught the primary key you can also do malisous activity on the side of this bucket if in any kind you have access to this kind of information

[sankler.bergman]

i have another question, how can i suggest this as an future feature on Veeam?

[sfirmes]

but steve as you can on these kind of policy is that we have to implicit let them to deleteobjects, so if you have the power throught the primary key you can also do malisous activity on the side of this bucket if in any kind you have access to this kind of information

The IAM policy example is to grant the account/credentials used by VBR in order to put/get/delete, etc.... objects within the bucket used for the repository. In this scenario VBR needs to be able to delete objects as part of its normal backup data management processes.

Hope I was able to clarify what the documented IAM policy's intent was.

Steve

[sfirmes]

i have another question, how can i suggest this as an future feature on Veeam?

Sankler,

If you can PM me and provide me the details of what you are requesting, I will place this request into our system.

Thanks

Steve