Created
July 4, 2021 21:38
-
-
Save obale/f44539a898001dff4b1b3773d7cb3511 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "Version": "2012-10-17", | |
| "Statement": [ | |
| { | |
| "Effect": "Allow", | |
| "Action": [ | |
| "s3:*" | |
| ], | |
| "Resource": [ | |
| "arn:aws:s3:::restic/locks", | |
| "arn:aws:s3:::restic/locks/*" | |
| ] | |
| }, | |
| { | |
| "Effect": "Allow", | |
| "Action": [ | |
| "s3:ListBucket", | |
| "s3:GetObject", | |
| "s3:PutObject" | |
| ], | |
| "Resource": [ | |
| "arn:aws:s3:::restic/*" | |
| ] | |
| } | |
| ] | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The policy outline above allows restic to perform a
backupand read-only operations. Per designforgetandprunecommands are NOT permitted. This is especially useful when running scheduled backup tasks on remote machines. To increase security create a dedicated user (heresomeuser) per machine.The bucket name is here
restic, if your bucket differs please change the policy above accordingly.$ mc admin user add myminio someuser $ mc admin policy add myminio backup minio-restic-policy.json $ mc admin policy set myminio backup user=someuser $ mc admin user policy myminio someuserTested with restic
v0.12.0and minioRELEASE.2021-06-17T00-10-46Z