Configuring AWS IAM Role Policy for Authentication

AWS IAM Role Policy is available for authentication to configure both the Amazon S3 and Amazon Glacier (Direct). Use the following steps to configure the library using the AWS IAMRole policy.


  1. Create the AWS IAM Role policy using the IAM Console.

    For more information on creating AWS IAM Role policy, see http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user.html.

  2. Install the MediaAgent in an EC2 instance.

    For more information on installing the MediaAgent, see MediaAgent Installations.

  3. Configure the storage library using the AWS IAM Role Policy.

    For more information on configuring cloud storage libraries, see Creating a Cloud Library from the CommCell Console.

Additional Information

The IAM Role must have the following permissions:

  • Amazon EC2 Full Access
  • Amazon S3 with the following actions: (sample json file with these actions)



    • The CreateBucket permission is required only when the bucket must be created by the MediaAgent while configuring the cloud storage. (This permission can be skipped if an existing bucket is used for configuring the cloud storage.)
    • The ListAllMyBuckets permissions request is required for the Detect button to work.
    • To recall data from Amazon Glacier to S3, make sure that the user associated with the bucket has the RestoreObject permission. For more information on POST Object restore, see https://docs.aws.amazon.com/AmazonS3/latest/API/RESTObjectPOSTrestore.html.

Last modified: 4/25/2019 9:03:31 PM