
Bucket Access to Node Instance

How to provide bucket access to node instance role

๐Ÿ› ๏ธ A step-by-step guide to provide bucket access to Atlan NodeInstancerole

Cross-account bucket access

STEP 1: Get the NodeInstancerole ARN value of the destination account

  • Sign in to the AWS Management Console and open the IAM console - https://console.aws.amazon.com/iam/.

  • Choose "Roles" in the navigation panel.

  • Type "NodeInstancerole" in the search bar and select the role. Make sure you choose the correct role. Its name should ideally begin with the stack name.


๐Ÿง™โ€โ™‚๏ธRemember: Copy the value of RoleARN and store it. You will need it while configuring the bucket policy.


STEP 2: Create a bucket policy for NodeInstancerole.

  • Choose "Policies" in the navigation panel and click on "Create Policies".

  • Choose the JSON tab and paste in the policy given below.

Note: Do not forget to mention the bucket name in the policy.

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": [
            "s3:GetObject",
            "s3:GetObjectAcl",
            "s3:ListAllMyBuckets",
            "s3:ListBucket",
            "s3:PutObject",
            "s3:PutObjectAcl",
            "s3:DeleteObject"
          ],
          "Resource": [
            "arn:aws:s3:::BucketName of source Stack",
            "arn:aws:s3:::BucketName of source Stack/*"
          ]
        }
      ]
    }
  • Save the policy and attach it to NodeInstancerole.

STEP 3: Grant NodeInstancerole access to the backup bucket (source) in the source AWS account.

  • Sign in to the AWS Management Console of the source account (where our backup bucket is available) and open the S3 service.

  • Select the bucket, open the "Permissions" tab and edit the bucket policy.

  • Enter the policy below as the bucket policy. Do not forget to mention the NodeInstanceRole ARN value of stack-2 in the bucket policy.

    {
      "Version": "2012-10-17",
      "Id": "CrossAccountAccess",
      "Statement": [
        {
          "Effect": "Allow",
          "Principal": {
            "AWS": "NodeInstanceRole ARN Value of Stack-2"
          },
          "Action": [
            "s3:ListBucket",
            "s3:GetBucketLocation"
          ],
          "Resource": "arn:aws:s3:::Source Bucket Name"
        },
        {
          "Effect": "Allow",
          "Principal": {
            "AWS": "NodeInstanceRole ARN Value of Stack-2"
          },
          "Action": [
            "s3:GetObject",
            "s3:PutObject",
            "s3:DeleteObject"
          ],
          "Resource": "arn:aws:s3:::Source Bucket Name/*"
        }
      ]
    }
  • Save the policy and it's done.

Same account bucket access

Follow Step 1 and Step 2 to grant bucket access to Atlan NodeInstancerole in the same account.
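
The following is an added example, not Atlan's own code. It fills in the Step 2 and Step 3 policies and checks which requests they permit, showing why cross-account access needs both policies while same-account access needs only the role's policy. The account ID, role name and bucket name are constructed, and the evaluator is simplified: it ignores Deny statements, conditions and other policy types.

```python
import fnmatch
import json

ROLE_ARN = "arn:aws:iam::222222222222:role/example-stack-NodeInstanceRole"  # constructed
BUCKET = "example-backup-bucket"  # constructed

def identity_policy(bucket):
    """Step 2 policy (attached to the role) with the bucket name filled in."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Action": ["s3:GetObject", "s3:GetObjectAcl", "s3:ListAllMyBuckets", "s3:ListBucket",
                   "s3:PutObject", "s3:PutObjectAcl", "s3:DeleteObject"],
        "Resource": [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"]}]}

def bucket_policy(bucket, role_arn):
    """Step 3 policy (on the source bucket) with the role ARN filled in."""
    who = {"AWS": role_arn}
    return {"Version": "2012-10-17", "Id": "CrossAccountAccess", "Statement": [
        {"Effect": "Allow", "Principal": who, "Action": ["s3:ListBucket", "s3:GetBucketLocation"],
         "Resource": f"arn:aws:s3:::{bucket}"},
        {"Effect": "Allow", "Principal": who, "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
         "Resource": f"arn:aws:s3:::{bucket}/*"}]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def allows(policy, action, resource, principal=None):
    """True if some Allow statement matches (simplified: no Deny or Condition)."""
    for st in policy["Statement"]:
        who = st.get("Principal", {})
        who = _as_list(who.get("AWS", [])) if isinstance(who, dict) else [who]
        if st["Effect"] != "Allow":
            continue
        if principal is not None and principal not in who and "*" not in who:
            continue
        if any(fnmatch.fnmatchcase(action, a) for a in _as_list(st["Action"])) and \
           any(fnmatch.fnmatchcase(resource, r) for r in _as_list(st["Resource"])):
            return True
    return False

def can_access(action, resource, role_arn, role_policy, bkt_policy, cross_account):
    by_role = allows(role_policy, action, resource)
    by_bucket = bkt_policy is not None and allows(bkt_policy, action, resource, role_arn)
    # Cross-account: both sides must allow. Same account: either side is enough.
    return (by_role and by_bucket) if cross_account else (by_role or by_bucket)

if __name__ == "__main__":
    print(json.dumps(bucket_policy(BUCKET, ROLE_ARN), indent=2))
```

With these policies, cross-account `s3:GetObjectAcl` and `s3:PutObjectAcl` calls are not permitted, because the Step 2 policy lists them but the Step 3 bucket policy does not.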