Granting Permissions for Amazon S3 Batch Operations

For faster restores for S3 Glacier to operate, you must allow the creation of new S3 Batch Operations jobs from your existing Commvault MediaAgents, and allow those jobs to perform S3 Glacier Restore Operations.


  1. Configure your new S3 Glacier-based cloud storage location and associated MediaAgent credentials by using Faster_Restores_Amazon_S3_Glacier_IAM_role_actions.json.

    Alternatively, you can modify an existing Commvault MediaAgent credential by ensuring that the AWS IAM role and permissions match the IAM role definition above.

  2. Establish a trust relationship for your MediaAgent role to the S3 Batch Operations service by editing the trust relationship for an existing role. Paste the content of S3 Batch Operations s3batchoperations_trust_policy.JSON into the trust policy editor, and then select Update policy.

  3. Create a new IAM role for Amazon S3 Batch Operations to assume during batch restores using the IAM permissions in Faster_Restores_Amazon_S3_Glacier_IAM_role_permissions.json.