Bucket Access to Node Instance
How to provide bucket access to node instance role

🛠️ A step-by-step guide to provide bucket access to Atlan NodeInstancerole

Cross-account bucket access

STEP 1: Get the NodeInstancerole ARN value of the destination account

    Sign in to the AWS Management Console and open the IAM console - https://console.aws.amazon.com/iam/.
    Choose "Roles" in the navigation panel.
    Type "NodeInstancerole" in the search bar and select the role. Make sure you choose the correct role; its name should ideally begin with the stack name.
Find Roles
🧙‍♂️ Remember: Copy the value of RoleARN and store it. You will need it while configuring the bucket policy.
ARN Value

STEP 2: Create a bucket policy for NodeInstancerole.

    Choose "Policies" in the navigation panel and click on "Create Policies".
    Choose the JSON tab and paste the policy given below.
👀 Note: Do not forget to mention the bucket name in the policy.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetObject",
        "s3:GetObjectAcl",
        "s3:ListAllMyBuckets",
        "s3:ListBucket",
        "s3:PutObject",
        "s3:PutObjectAcl",
        "s3:DeleteObject"
      ],
      "Resource": [
        "arn:aws:s3:::BucketName of source Stack",
        "arn:aws:s3:::BucketName of source Stack/*"
      ]
    }
  ]
}
Bucket Policy
    Save the policy and attach it to NodeInstancerole.

STEP 3: Grant NodeInstancerole access to the backup bucket (source) in the source AWS account.

    Sign in to the AWS Management Console of the source account (where our backup bucket is available) and open the S3 service.
    Select the bucket, open the "Permissions" tab and edit the bucket policy.
Edit bucket policy
    Enter the policy below as the bucket policy. Do not forget to mention the NodeInstanceRole ARN value of stack-2 in the bucket policy.
    {
      "Version": "2012-10-17",
      "Id": "CrossAccountAccess",
      "Statement": [
        {
          "Effect": "Allow",
          "Principal": {
            "AWS": "NodeInstanceRole ARN Value of Stack-2"
          },
          "Action": [
            "s3:ListBucket",
            "s3:GetBucketLocation"
          ],
          "Resource": "arn:aws:s3:::Source Bucket Name"
        },
        {
          "Effect": "Allow",
          "Principal": {
            "AWS": "NodeInstanceRole ARN Value of Stack-2"
          },
          "Action": [
            "s3:GetObject",
            "s3:PutObject",
            "s3:DeleteObject"
          ],
          "Resource": "arn:aws:s3:::Source Bucket Name/*"
        }
      ]
    }
    Save the policy and it's done. 🎉
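
The role policy from Step 2 and the bucket policy from Step 3 do not list the same actions, and a cross-account request succeeds only when both sides allow it. The Python sketch below is an added example, not part of the original guide; it intersects the two policies using a constructed bucket name, role ARN and object key, and it ignores Deny statements and condition keys.

```python
from fnmatch import fnmatchcase

# Constructed placeholders (not from the guide): bucket name and role ARN.
BUCKET = "example-backup-bucket"
ROLE_ARN = "arn:aws:iam::111122223333:role/example-stack-NodeInstanceRole"
BUCKET_ARN, OBJECTS_ARN = f"arn:aws:s3:::{BUCKET}", f"arn:aws:s3:::{BUCKET}/*"

# Step 2: policy attached to the role in the destination account.
IDENTITY_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Action": ["s3:GetObject", "s3:GetObjectAcl", "s3:ListAllMyBuckets", "s3:ListBucket",
               "s3:PutObject", "s3:PutObjectAcl", "s3:DeleteObject"],
    "Resource": [BUCKET_ARN, OBJECTS_ARN]}]}

# Step 3: bucket policy on the backup bucket in the source account.
BUCKET_POLICY = {"Version": "2012-10-17", "Id": "CrossAccountAccess", "Statement": [
    {"Effect": "Allow", "Principal": {"AWS": ROLE_ARN},
     "Action": ["s3:ListBucket", "s3:GetBucketLocation"], "Resource": BUCKET_ARN},
    {"Effect": "Allow", "Principal": {"AWS": ROLE_ARN},
     "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"], "Resource": OBJECTS_ARN}]}

def as_list(value):
    return value if isinstance(value, list) else [value]

def allows(policy, action, resource, principal=None):
    """True if an Allow statement matches the action, resource and (if it names one) principal."""
    for stmt in policy["Statement"]:
        named = as_list(stmt.get("Principal", {}).get("AWS", principal))
        if (stmt.get("Effect") == "Allow" and principal in named
                and any(fnmatchcase(action, a) for a in as_list(stmt["Action"]))
                and any(fnmatchcase(resource, r) for r in as_list(stmt["Resource"]))):
            return True
    return False

def cross_account_allowed(action, resource):
    """Cross-account access needs an Allow in BOTH the role policy and the bucket policy."""
    return (allows(IDENTITY_POLICY, action, resource)
            and allows(BUCKET_POLICY, action, resource, ROLE_ARN))

def audit(key="backups/snapshot.tar"):
    """Evaluate every bucket- and object-level action the two policies mention."""
    obj = f"{BUCKET_ARN}/{key}"  # constructed object key
    targets = [(a, BUCKET_ARN) for a in ("s3:ListBucket", "s3:GetBucketLocation")]
    targets += [(a, obj) for a in ("s3:GetObject", "s3:PutObject", "s3:DeleteObject",
                                   "s3:GetObjectAcl", "s3:PutObjectAcl")]
    return {action: cross_account_allowed(action, res) for action, res in targets}

if __name__ == "__main__":
    print({a: ("allowed" if ok else "not allowed") for a, ok in audit().items()})
```

With the policies as written, `s3:GetObjectAcl`, `s3:PutObjectAcl` and `s3:GetBucketLocation` come out as not allowed, because each is granted on only one side.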

Same account bucket access

Follow Step 1 and Step 2 to grant bucket access to Atlan NodeInstancerole in the same account.