<\/figure><\/div>\n\n\n\nCreate an Access Policy<\/h2>\n\n\n\n Now that we have the location for the backup setup, it's time to setup how the website is going to access it.<\/p>\n\n\n\n
In your Amazon Management Console, navigate to IAM<\/em>.<\/p>\n\n\n\nIAM stands for Identity and Access Management<\/em>. It's the process Amazon uses to handle who can login to what and what they can do while in there.<\/p>\n\n\n\n <\/figure><\/div>\n\n\n\nSelect Policies<\/em> and then \"Create policy\".<\/p>\n\n\n\n <\/figure><\/div>\n\n\n\nUnder Service<\/em>, type \"s3\" to filter for S3. Then click S3<\/em>.<\/p>\n\n\n\nWe're going to use the Visual Editor<\/em> to create this Policy. Scroll down if you prefer to do it by JSON.<\/p>\n\n\n\n <\/figure><\/div>\n\n\n\nUnder Actions<\/em>, we set what this account can do.<\/p>\n\n\n\nThe next few steps will apply to most WordPress Backup plugins.<\/p>\n\n\n\n
If you get \"Insufficient Access\" errors, or something similar, this is where you'll make changes. You can come back and edit this policy later if it doesn't allow what you need.<\/p>\n\n\n\n
Under List, select ListBucket<\/em>.<\/p>\n\n\n\n <\/figure><\/div>\n\n\n\nUnder Read, select:<\/p>\n\n\n\n
GetBucketLocation<\/li> GetObject<\/li> GetObjectAcl<\/li> GetObjectVersion<\/li> GetObjectVersionAcl<\/li> ListBucketMultipartUploads<\/li><\/ul>\n\n\n\n <\/figure><\/div>\n\n\n\nUnder Write, select<\/p>\n\n\n\n
AbortMultipartUpload<\/li> PutObject<\/li><\/ul>\n\n\n\n <\/figure><\/div>\n\n\n\nUnder Permissions management select<\/p>\n\n\n\n
PutObjectAcl<\/li> PutObjectVersionAcl<\/li><\/ul>\n\n\n\n <\/figure><\/div>\n\n\n\nThat's it for the access. Now we have to attach the Policy to the Bucket and Folder we setup earlier.<\/p>\n\n\n\n
ARN means Amazon Resource Names<\/em>. It's basically the unique naming conventions for things like Buckets and Folders.<\/p>\n\n\n\nClick Add ARN<\/em> next to bucket<\/em>.<\/p>\n\n\n\n <\/figure><\/div>\n\n\n\nType your Bucket name where listed. It will automatically fill the correct ARN for the backup Bucket.<\/p>\n\n\n\n
Click \"Add\".<\/p>\n\n\n\n
<\/figure><\/div>\n\n\n\nClick Add ARN<\/em> next to object<\/em>. This will be for the Folder.<\/p>\n\n\n\n <\/figure><\/div>\n\n\n\nType your Bucket name in the Bucket name field and the Folder name in the Object name field.<\/p>\n\n\n\n
You'll see the ARN automatically filled in as you type.<\/p>\n\n\n\n
Click \"Add\".<\/p>\n\n\n\n
<\/figure><\/div>\n\n\n\nOnce you've gone through those steps, click \"Review policy\".<\/p>\n\n\n\n
<\/figure><\/div>\n\n\n\nAdd a name and a description to the Policy.<\/p>\n\n\n\n
You'll be filtering by name later, so I recommend you follow the same format for each of your backup policies, just changing the domain name at the end.<\/p>\n\n\n\n
Once you're done, click \"Create policy\".<\/p>\n\n\n\n
<\/figure><\/div>\n\n\n\nCreate an Access Policy with JSON<\/h3>\n\n\n\n If you're a bit of a power user, you can create this Policy with JSON (JavaScript Object Notation). It looks like this:<\/p>\n\n\n\n
<\/figure><\/div>\n\n\n\nHere is the code for you to copy and paste. Make sure you change the entries in \"Resource\" to your Bucket and Folder.<\/p>\n\n\n\n
{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"VisualEditor0\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"s3:PutObject\",\n \"s3:GetObjectAcl\",\n \"s3:GetObject\",\n \"s3:ListBucketMultipartUploads\",\n \"s3:AbortMultipartUpload\",\n \"s3:PutObjectVersionAcl\",\n \"s3:GetObjectVersionAcl\",\n \"s3:ListBucket\",\n \"s3:GetBucketLocation\",\n \"s3:PutObjectAcl\",\n \"s3:GetObjectVersion\"\n ],\n \"Resource\": [\n \"arn:aws:s3:::mikedemobackups\/domain.com\",\n \"arn:aws:s3:::mikedemobackups\"\n ]\n }\n ]\n}<\/code><\/pre>\n\n\n\nDon't worry if this code confuses you. It's just a different way of doing the same thing as we did in the Visual Editor<\/em>.<\/p>\n\n\n\nCreate a Group and attach the Policy<\/h2>\n\n\n\n Congratulations, the hard part is done.<\/p>\n\n\n\n
Now to create a Group for the Policy.<\/p>\n\n\n\n
Click Groups<\/em> then \"Create New Group\".<\/p>\n\n\n\n <\/figure><\/div>\n\n\n\nSet the Group Name. This can be the same name as your Policy, or you might want to shorten it, as I've done.<\/p>\n\n\n\n
Click \"Next Step\".<\/p>\n\n\n\n
<\/figure><\/div>\n\n\n\nUse the filter to find the Policy you created earlier. When you first see this screen, it will have all 424 of the pre-defined Amazon Policies.<\/p>\n\n\n\n
Once you've found your Policy, select it, then click \"Next Step\".<\/p>\n\n\n\n
<\/figure><\/div>\n\n\n\nThere's not much to see on this screen. Just make sure you've selected the right things.<\/p>\n\n\n\n
Click \"Create Group\".<\/p>\n\n\n\n
<\/figure><\/div>\n\n\n\nCreate a User and add it to the Group<\/h2>\n\n\n\n Many people start by creating the User. By doing so, they usually have to complete all the other steps on the fly.<\/p>\n\n\n\n
This is the last step in getting our credentials.<\/p>\n\n\n\n
Click Users<\/em>, then click \"Add user\".<\/p>\n\n\n\n <\/figure><\/div>\n\n\n\nAdd a User name. I like to keep it consistent and use the same name as for the previous steps.<\/p>\n\n\n\n
Select Programmatic access<\/em>, then click \"Next: Permissions\".<\/p>\n\n\n\n <\/figure><\/div>\n\n\n\nThe button Add user to group<\/em> should already be selected.<\/p>\n\n\n\nSelect the Group you created earlier, then click \"Next: Tags\".<\/p>\n\n\n\n
<\/figure><\/div>\n\n\n\nYou can add tags to track access if you like, but I don't usually add anything here.<\/p>\n\n\n\n
Click \"Next: Review\".<\/p>\n\n\n\n
<\/figure><\/div>\n\n\n\nCheck everything looks good, then click \"Create user\".<\/p>\n\n\n\n
<\/figure><\/div>\n\n\n\nYou'll then see your Access key ID<\/em> and Secret access key<\/em>.<\/p>\n\n\n\nYou'll need to click Show<\/em> to see your Secret access key<\/em>.<\/p>\n\n\n\n <\/figure><\/div>\n\n\n\nMake sure to save the Access key ID<\/em> and Secret access key<\/em> somewhere safe. You'll need to add these to your WordPress backup plugin.<\/p>\n\n\n\nThis will be the ONLY<\/strong> time you'll see the Secret Access Key. Make sure you save it<\/p><\/blockquote>\n\n\n\nWhat if you lose your Access Key ID and Secret Access Key?<\/h2>\n\n\n\n Unfortunately, if you lose your Secret Access Key<\/em>, you can't get it back.<\/p>\n\n\n\nIf you lose your Secret Access Key<\/em>, you'll need to create a new access key. This is really quick and easy.<\/p>\n\n\n\nTo create a new Access Key<\/em>, login to the Amazon Console<\/a>.<\/p>\n\n\n\nNavigate to Users<\/em> and click on the User for your website.<\/p>\n\n\n\n <\/figure><\/div>\n\n\n\nClick on the Security credentials<\/em> tab, click the X next to Make inactive<\/em> for the old Access Key to delete it. Click \"Delete\" on the popup.<\/p>\n\n\n\nNext, click \"Create access key\".<\/p>\n\n\n\n
<\/figure><\/div>\n\n\n\nAfter you click \"Create access key\", you'll get a popup with the details of the new key.<\/p>\n\n\n\n
<\/figure><\/div>\n\n\n\nBe careful not to click anywhere outside the box until you've saved your Secret Access Key<\/em>. Clicking outside that box will cause the popup to disappear.<\/p>\n\n\n\nMake sure you at least save the Secret Access Key<\/em>. You'll be able to see the Access Key ID<\/em> later in your account, but this is the only time you'll see the Secret Access Key<\/em>.<\/p>\n\n\n\nNote<\/strong>: you can only have two Access Keys for this type of account. Just delete any unused Access Keys and you'll be fine. If you need more Access Keys, you'll need to create a new User.<\/p>\n","protected":false},"excerpt":{"rendered":"Many people use Amazon S3 to store the backups from their WordPress websites. Most of the good backup plugins integrate with Amazon S3. All you have to do is input your Amazon Access Key ID and Secret Access Key. The way their accounts are setup leave many people’s Amazon accounts wide open if someone were<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[],"yoast_head":"\n
How To Setup Amazon S3 Permissions For WordPress Backups<\/title>\n \n \n \n \n \n \n \n \n \n \n \n \n \n \n\t \n\t \n\t \n