You can back up your Amazon S3 data using your own access nodes by selecting the appropriate AWS authentication method—such as IAM role, STS assume role, or access key and secret key—based on your environment and security requirements.
-
AWS STS assume role: You have Amazon S3 buckets in different AWS accounts (can be used for AWS cross-account access).
-
IAM role: You have an AWS account that is attached to an Amazon Elastic Compute Cloud (EC2) virtual machine and you need to back up buckets in the same account.
-
Access key for IAM users: As a best practice, AWS recommends using IAM roles instead of access keys. For more information, see Security best practices in IAM in the AWS documentation.