patric-boehner
10/17/2015 - 10:37 AM

Amazon AWS S3 User Policy for Updraft Plus

{
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:ListBucket",
        "s3:GetBucketLocation",
        "s3:ListBucketMultipartUploads"
      ],
      "Resource": "arn:aws:s3:::mybucket",
      "Condition": {}
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:AbortMultipartUpload",
        "s3:GetObject",
        "s3:GetObjectAcl",
        "s3:GetObjectVersion",
        "s3:GetObjectVersionAcl",
        "s3:PutObject",
        "s3:PutObjectAcl",
        "s3:PutObjectVersionAcl"
      ],
      "Resource": "arn:aws:s3:::mybucket/*",
      "Condition": {}
    },
    {
      "Effect": "Allow",
      "Action": "s3:ListAllMyBuckets",
      "Resource": "*",
      "Condition": {}
    }
  ]
}

#User Policy for Amazon S3 Backups Using Updraft Plus

This user policy prevents the user credentials from being used to delete backups from within the WordPress admin settings page for the plugin. This prevents anyone from accidentally or deliberately removing backups. Versioning and deletion are handled by the S3 bucket's versioning and lifecycle properties.

To make this user policy useful, we need to remove these two actions: "s3:DeleteObject" and "s3:DeleteObjectVersion".

To update and use this policy, run a find and replace on "mybucket" and replace with your S3 bucket name.

{
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:ListBucket",
        "s3:GetBucketLocation",
        "s3:ListBucketMultipartUploads"
      ],
      "Resource": "arn:aws:s3:::mybucket",
      "Condition": {}
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:AbortMultipartUpload",
        "s3:DeleteObject",
        "s3:DeleteObjectVersion",
        "s3:GetObject",
        "s3:GetObjectAcl",
        "s3:GetObjectVersion",
        "s3:GetObjectVersionAcl",
        "s3:PutObject",
        "s3:PutObjectAcl",
        "s3:PutObjectVersionAcl"
      ],
      "Resource": "arn:aws:s3:::mybucket/*",
      "Condition": {}
    },
    {
      "Effect": "Allow",
      "Action": "s3:ListAllMyBuckets",
      "Resource": "*",
      "Condition": {}
    }
  ]
}

Source
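One way to confirm that a policy given to the backup user grants neither delete action, including through wildcards or `NotAction`. This is an added example, not part of the original snippet or of UpdraftPlus; the function names and sample policies are constructed for illustration, and Deny statements, Conditions and Resources are not evaluated.

```python
import json
import re

# The two actions the page removes from the backup user's policy.
FORBIDDEN = ("s3:DeleteObject", "s3:DeleteObjectVersion")

def _as_list(value):
    """Action/NotAction/Statement may be a single item or a list."""
    if value is None:
        return []
    return list(value) if isinstance(value, list) else [value]

def _matches(pattern, action):
    """IAM action patterns: case-insensitive, '*' and '?' are wildcards."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, action, re.IGNORECASE) is not None

def delete_grants(policy):
    """Return (statement index, action) pairs for forbidden actions an Allow grants.

    Simplification: Deny statements, Conditions and Resources are ignored,
    so the check over-reports rather than under-reports.
    """
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        for action in FORBIDDEN:
            if "NotAction" in stmt:  # grants everything except the listed patterns
                hit = not any(_matches(p, action) for p in _as_list(stmt["NotAction"]))
            else:
                hit = any(_matches(p, action) for p in _as_list(stmt.get("Action")))
            if hit:
                findings.append((i, action))
    return findings

# Constructed sample policies (bucket name "mybucket" as on the page).
RESTRICTED = json.loads("""{"Statement": [
  {"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject", "s3:AbortMultipartUpload"],
   "Resource": "arn:aws:s3:::mybucket/*"}]}""")
WILDCARD = json.loads("""{"Statement": [
  {"Effect": "Allow", "Action": "s3:ListBucket", "Resource": "arn:aws:s3:::mybucket"},
  {"Effect": "Allow", "Action": ["s3:Put*", "s3:delete*"], "Resource": "arn:aws:s3:::mybucket/*"}]}""")
NOT_ACTION = json.loads("""{"Statement": [
  {"Effect": "Allow", "NotAction": "s3:DeleteObject", "Resource": "arn:aws:s3:::mybucket/*"}]}""")

if __name__ == "__main__":
    for name, pol in [("restricted", RESTRICTED), ("wildcard", WILDCARD), ("notaction", NOT_ACTION)]:
        print(name, delete_grants(pol) or "no delete actions granted")
```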

#Bucket Properties for Versioning and Lifecycle

###Versioning

Turn on versioning. This allows us to preserve, retrieve and restore versions of each backup file. This is important in case a backup file is ever overwritten with a bad or corrupted file.

###Lifecycle

We will create a lifecycle rule to ultimately deal with deleting old backups, since the user we have assigned to Updraft can no longer automatically delete old backups based on the plugin's settings. For this example I set the limit to 30 days.


####Rule Two - Reduce Storage After 15 Days

Action on Current Version

Expire:
30 Days after the object's creation date

Action on Previous Versions

Permanently Delete:
30 Days after becoming a previous version