Using Amazon Simple Storage Service (S3) as a primary storage for Enterprise Vault
- Overview
- Configuring Amazon Simple Storage Service (S3) primary partition
- About configuring Amazon S3 primary partition
- Getting the Amazon S3 supported authentication
- Configuring Amazon S3 primary partition
- Adding a new Amazon S3 partition that uses Access Keys authentication
- Adding a new Amazon S3 partition that uses IAM Role authentication
- Adding a new Amazon S3 partition that uses STS Assume Role authentication
- Viewing an Amazon S3 partition
- Editing an Amazon S3 partition
- Deleting an Amazon S3 partition
- Smart partition for Amazon S3
- Configuring replication with the supported option
- Known Issues
- Troubleshooting
Getting the Amazon S3 supported authentication
You must have the following for using the Amazon S3 cloud storage:
Enterprise Vault 14.0 or later
AWS S3 bucket name
Multiple AWS authentication types, which includes:
AWS standard authentication that makes use of Access Key ID and Secret Access Key, for AWS public cloud.
AWS IAM Role that makes use of AWS Identity and Access Management (IAM) Access Key ID and Secret Access Key, for AWS public cloud.
AWS Security Token Service (STS) authentication for AWS public cloud.
Multiple AWS storage classes, including S3 Standard, S3 Standard-IA, S3 One Zone-IA, S3 Intelligent-Tiering, and S3 Glacier Instant Retrieval.
Server-side encryption with Amazon S3-Managed Encryption Keys.
Replication configure the bucket replication with the same region or cross region on the AWS portal to use.
For any authentication method that you are using to create a vault store partition or a smart partition, if you are specifying credentials of a user who has access to restricted AWS regions, then you should add the following permissions to the IAM policy attached to that user.
{
"Sid": "VisualEditor1",
"Effect": "Allow",
"Action": "s3:GetBucketLocation",
"Resource": "*",
"Condition": {
"StringEquals": {
"aws:RequestedRegion": "us-east-1"
}In case of Enterprise Vault 14.0 or any of its hotfix, the following permission should be added to the IAM policy attached to the user:
{
"Sid": "VisualEditor1",
"Effect": "Allow",
"Action": "s3:GetBucketLocation",
"Resource": "*",
"Condition": {
"StringEquals": {
"aws:RequestedRegion": "us-west-1"
}The following operations can be performed during configuration:
Add a new Amazon S3 partition that uses Access Keys authentication
Add a new Amazon S3 partition that uses IAM Role authentication
Add a new Amazon S3 partition that uses STS Assume Role authentication
View an Amazon S3 partition
Edit an Amazon S3 partition
Delete an Amazon S3 partition