Bucket Access to Node Instance
How to provide bucket access to node instance role

🛠️ A step-by-step guide to provide bucket access to Atlan NodeInstanceRole

Cross-account bucket access

STEP 1: Get the NodeInstanceRole ARN value of the destination account

  • Sign in to the AWS Management Console and open the IAM console - https://console.aws.amazon.com/iam/.
  • Choose "Roles" in the navigation panel.
  • Type "NodeInstanceRole" in the search bar and select the role. Make sure you choose the correct role. Its name should ideally begin with the stack name.
🧙‍♂️ Remember: Copy the value of the Role ARN and store it. You will need it while configuring the bucket policy.

STEP 2: Create a bucket policy for NodeInstanceRole.

  • Choose "Policies" in the navigation panel and click on "Create Policies".
  • Choose the JSON tab and paste the policy given below into it.
👀 Note: Do not forget to replace the placeholder with the bucket name in the policy.
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": [
            "s3:GetObject",
            "s3:GetObjectAcl",
            "s3:ListAllMyBuckets",
            "s3:ListBucket",
            "s3:PutObject",
            "s3:PutObjectAcl",
            "s3:DeleteObject"
          ],
          "Resource": [
            "arn:aws:s3:::BucketName of source Stack",
            "arn:aws:s3:::BucketName of source Stack/*"
          ]
        }
      ]
    }
  • Save the policy and attach it to the NodeInstanceRole.

STEP 3: Grant the NodeInstanceRole access to the backup bucket (source) in the source AWS account.

  • Sign in to the AWS Management Console of the source account (where our backup bucket is available) and open the S3 service.
  • Select the bucket, open the "Permissions" tab and edit the bucket policy.
  • Enter the value below as the bucket policy. Do not forget to put the NodeInstanceRole ARN value of stack-2 in the bucket policy.
    {
      "Version": "2012-10-17",
      "Id": "CrossAccountAccess",
      "Statement": [
        {
          "Effect": "Allow",
          "Principal": {
            "AWS": "NodeInstanceRole ARN Value of Stack-2"
          },
          "Action": [
            "s3:ListBucket",
            "s3:GetBucketLocation"
          ],
          "Resource": "arn:aws:s3:::Source Bucket Name"
        },
        {
          "Effect": "Allow",
          "Principal": {
            "AWS": "NodeInstanceRole ARN Value of Stack-2"
          },
          "Action": [
            "s3:GetObject",
            "s3:PutObject",
            "s3:DeleteObject"
          ],
          "Resource": "arn:aws:s3:::Source Bucket Name/*"
        }
      ]
    }
  • Save the policy and it's done. 🎉

Same account bucket access

Follow Step 1 and Step 2 to grant bucket access to the Atlan NodeInstanceRole in the same account.
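
The check below is an added example, not Atlan's code: it models the Step 2 role policy and the Step 3 bucket policy, using constructed bucket and role ARNs, and lists which of the role's actions would still be refused in the same-account and cross-account cases. It is a simplified evaluator that assumes Allow statements only; Deny, Condition and object ACLs are not modelled.

```python
import fnmatch

# Constructed placeholder values (assumptions); substitute your own.
BUCKET = "arn:aws:s3:::example-backup-bucket"
ROLE = "arn:aws:iam::111122223333:role/example-stack-NodeInstanceRole"

# Step 2: policy attached to the NodeInstanceRole (destination account).
ROLE_POLICY = {"Statement": [{"Effect": "Allow",
    "Action": ["s3:GetObject", "s3:GetObjectAcl", "s3:ListAllMyBuckets", "s3:ListBucket",
               "s3:PutObject", "s3:PutObjectAcl", "s3:DeleteObject"],
    "Resource": [BUCKET, BUCKET + "/*"]}]}

# Step 3: bucket policy on the backup bucket (source account).
BUCKET_POLICY = {"Statement": [
    {"Effect": "Allow", "Principal": {"AWS": ROLE},
     "Action": ["s3:ListBucket", "s3:GetBucketLocation"], "Resource": BUCKET},
    {"Effect": "Allow", "Principal": {"AWS": ROLE},
     "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
     "Resource": BUCKET + "/*"}]}

# Resource each request is evaluated against; ListAllMyBuckets is account-level ("*").
SCOPE = {"s3:ListAllMyBuckets": "*", "s3:ListBucket": BUCKET, "s3:GetBucketLocation": BUCKET}
OBJECT = BUCKET + "/backups/sample.tar.gz"  # constructed object key

def as_list(value):
    return value if isinstance(value, list) else [value]

def allows(policy, action, resource, principal=None):
    """True if an Allow statement matches; Deny and Condition are not modelled."""
    for st in policy["Statement"]:
        if principal and principal not in as_list(st["Principal"]["AWS"]):
            continue
        if (st["Effect"] == "Allow"
                and any(fnmatch.fnmatchcase(action, a) for a in as_list(st["Action"]))
                and any(fnmatch.fnmatchcase(resource, r) for r in as_list(st["Resource"]))):
            return True
    return False

def granted(action, cross_account):
    """Across accounts both policies must allow; in one account the role's is enough."""
    res = SCOPE.get(action, OBJECT)
    ok = allows(ROLE_POLICY, action, res)
    return ok and (not cross_account or allows(BUCKET_POLICY, action, res, ROLE))

def denied(cross_account):
    actions = ROLE_POLICY["Statement"][0]["Action"]
    return sorted(a for a in actions if not granted(a, cross_account))

print("same account:", denied(False), "| cross account:", denied(True))
```

With these policies, `s3:ListAllMyBuckets` is refused in both cases because it cannot be scoped to a bucket ARN, and the two `Acl` actions are refused cross-account because the bucket policy does not grant them.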