Created
July 4, 2021 21:38
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:*"
      ],
      "Resource": [
        "arn:aws:s3:::restic/locks",
        "arn:aws:s3:::restic/locks/*"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:ListBucket",
        "s3:GetObject",
        "s3:PutObject"
      ],
      "Resource": [
        "arn:aws:s3:::restic/*"
      ]
    }
  ]
}
```
The policy outline above allows restic to perform a `backup` and read-only operations. Per design, `forget` and `prune` commands are NOT permitted. This is especially useful when running scheduled backup tasks on remote machines. To increase security, create a dedicated user (here `someuser`) per machine.

The bucket name is here `restic`; if your bucket differs, please change the policy above accordingly.

```
$ mc admin user add myminio someuser
$ mc admin policy add myminio backup minio-restic-policy.json
$ mc admin policy set myminio backup user=someuser
$ mc admin user policy myminio someuser
```

Tested with restic `v0.12.0` and minio `RELEASE.2021-06-17T00-10-46Z`.