Use this dialog box to add (or modify) Amazon S3, with AWS IAM Role Policy authentication, as a storage target.
Note
Use the following information to add or modify an Amazon S3 cloud storage library with AWS IAM Role Policy authentication in the Add / Edit Cloud dialog box. Refer to Amazon S3 documentation for additional information on the inputs required in this dialog box.
Configurable Options
Option | Description | Additional Information |
---|---|---|
Name | The name of the Cloud library. | |
Device Name | A unique device name generated by the system when the library is added. | |
Type | Select Amazon S3 from the list. | |
MediaAgent | The name of the MediaAgent to which the device is attached. Select a MediaAgent from the list to add to the cloud storage device. The list contains the names of all the MediaAgents configured in the CommCell. | For AWS IAM Role Policy, the selected MediaAgent must reside in the EC2 instance, and an IAM Role must be associated with the EC2 instance. Make sure to select the specific MediaAgent from the drop-down list during library configuration. (For more information about installing the MediaAgent on the EC2 instance, see MediaAgent Installations.) |
Access Information | Add the credentials and other details required to access the cloud storage space. | |
Authentication | Select AWS IAM Role Policy. | AWS Identity and Access Management (IAM) role policies are used to avoid the effort associated with rotating access keys and secret keys within an organization. An AWS IAM role permitting activity on your AWS resources (EC2, S3) is created and associated with your AWS-based MediaAgent. No credentials are stored within the Commvault system. You can create the AWS IAM Role Policy using the IAM Console. For more information about creating AWS IAM Role Policy, see http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user.html. Create the IAM role with the following permissions. Sample JSON file with these permissions. |
Service Host | A valid endpoint name for the Amazon S3 region provided by the agency. (Commvault transfers data to the service host using the HTTPS protocol.) Default: | |
Bucket | Click the Detect button to detect an existing bucket. | The list of existing buckets may not be populated during detection if the vendor does not support this operation or if the permissions needed to complete it are missing. In such cases, type the name of the existing bucket that you want to use. The system will automatically use the existing bucket if it is available. |
Storage Class | The following Amazon S3 storage classes are supported for Commvault Cloud Storage libraries: | See https://aws.amazon.com/s3/storage-classes/ for more information. |
Use Combined Tier | Enable the option to use a combined storage tier with the S3 Glacier Instant Retrieval, S3 Glacier Flexible Retrieval, or S3 Glacier Deep Archive storage classes. | This option is enabled when the S3 Glacier Instant Retrieval, S3 Glacier Flexible Retrieval, or S3 Glacier Deep Archive storage class is selected. |
Combined Storage Class | The following combined Storage options are available for the Glacier Flexible and Glacier Deep Archive storage classes: | |
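
The Authentication option above relies on an IAM role attached to the MediaAgent's EC2 instance instead of stored keys, so the role's policy is the entire access boundary for the library. The following added example (not Commvault or AWS code) audits a policy document for S3 grants that reach beyond one library bucket; the bucket name `example-backup-bucket` and the sample policy's action list are constructed assumptions, not the permission set this page refers to.

```python
import json

# Constructed sample policy for the role attached to the MediaAgent's EC2
# instance. The bucket name and action list are assumptions for illustration,
# not the permission set documented by Commvault.
SAMPLE_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow",
     "Action": ["s3:ListBucket", "s3:GetBucketLocation"],
     "Resource": "arn:aws:s3:::example-backup-bucket"},
    {"Effect": "Allow",
     "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
     "Resource": "arn:aws:s3:::example-backup-bucket/*"},
    {"Effect": "Allow", "Action": "s3:*", "Resource": "*"}
  ]
}
""")

def as_list(value):
    # IAM allows a single string or a list for Statement, Action and Resource.
    return value if isinstance(value, list) else [value]

def audit_role_policy(policy, bucket):
    """Return (statement index, finding) for S3 grants wider than one bucket."""
    allowed = {f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"}
    findings = []
    for i, stmt in enumerate(as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append((i, "NotAction/NotResource in Allow statement"))
        actions = as_list(stmt.get("Action", []))
        if not any(a == "*" or a.lower().startswith("s3:") for a in actions):
            continue  # non-S3 statement (for example EC2): out of scope here
        for action in actions:
            if "*" in action:
                findings.append((i, f"wildcard action {action}"))
        for res in as_list(stmt.get("Resource", [])):
            if res not in allowed:
                findings.append((i, f"resource outside bucket: {res}"))
    return findings

if __name__ == "__main__":
    for idx, msg in audit_role_policy(SAMPLE_POLICY, "example-backup-bucket"):
        print(f"Statement {idx}: {msg}")
```

A statement that grants an S3 action on `Resource: "*"` is reported even when the action is read-only, so account-wide bucket listing shows up as a finding to accept or remove deliberately.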