How can I authenticate access to an S3 bucket using IAM role of my EC2 instance?
When backing up data to Amazon S3 storage, CubeBackup normally requires an IAM user with an access key to authenticate. Hwoever, some organizations may feel unsafe entering access keys directly in third-party applications.
If you are running CubeBackup on an EC2 instance, you may opt to assign an IAM role directly to the instance as a more secure solution with fine-grained security.
Configure S3 authentication during the initial setup
Create an IAM role that grants access to your S3 bucket, and attach it to your EC2 instance. For detailed instructions, please refer to AWS documentation: Using IAM roles to authenticate applications deployed to Amazon EC2.
In Step 2 of the CubeBackup setup wizard, select
S3
as the storage type, enter theData Index path
andBucket name
, but leave theAccess key ID
andSecret access key
fields empty.Click Next. CubeBackup will perform a storage writing test to verify the permissions before proceeding. If successful, complete the subsequent steps by following the instructions here.
Update the existing S3 bucket configuration
On the OVERVIEW page of the CubeBackup for Google Workspace web console, find the Storage status section (bottom right), and click the gear icon to open the update wizard. Press the Edit storage configuration button.
As a safety precaution, an authentication code will be emailed to you. Please type in the code to continue.
On the Storage status page, empty the
Access key ID
andSecret access key
fields.Click Save. CubeBackup will run a storage writing test to confirm permissions.
Return to Dashboard. You may now initiate a backup to confirm that the updated credential is operating without error.