Required AWS IAM Permissions for Amazon S3, Backblaze, and Wasabi

Product version: 10.8

Last modified: 21 October 2022

Question

I do not want to grant full administrative IAM permissions to NAKIVO Backup & Replication. What are the permissions required by NAKIVO Backup & Replication to work with Amazon S3, Backblaze, and Wasabi?

Answer

The following Amazon Web Services IAM permissions are required to work with Amazon S3, Backblaze, and Wasabi:

{
   "Version":"2012-10-17",
   "Statement":[
	   {
		"Sid":"statement1",
		"Effect": "Allow",
		"Action": [
			"s3:Get*",
			"s3:List*",
			"s3:PutObject",
			"s3:DeleteObject",
			"s3:PutObjectRetention",
        	"s3:DeleteObjectVersion"		],
		"Resource": [
			"*"		]
		}
    ]
}

Note
Don't forget to disable public access on buckets. Refer to Using Amazon S3 block public access for details.