SD4H wiki

Backing up Object Store: Difference between revisions

Page Discussion

Backing up Object Store (view source)

Revision as of 21:40, 9 October 2024

587 bytes added ,  9 October 2024
→‎Give us permission
(Created page with "It is possible to have a backing up of object store data to our TSM tape system. Here is the formal procedure to do so. ===List bucket=== Send a list of bukets to backup to juno@calculquebec.ca with the name of the project where the buckets live. ===Give us permission=== You need to configure the iam policy statement of *all the buckets* you want to backup so your TSM robot user in charge of the backup can access them. Here is the policy that needs to be added....")
 
Line 9: Line 9:
You need to configure the iam policy statement of *all the buckets* you want to backup so your TSM robot user in charge of the backup can access them. Here is the policy that needs to be added.
You need to configure the iam policy statement of *all the buckets* you want to backup so your TSM robot user in charge of the backup can access them. Here is the policy that needs to be added.


For example, using the [https://docs.aws.amazon.com/cli/latest/ aws cli] and apply the policy on <code>my-bucket</code> using the <code>my-profile</code> identity.


First, we make sure that <code>my-bucket</code> has currently no policy.


For example, using the [https://docs.aws.amazon.com/cli/latest/ aws cli] and apply the policy on <code>my-bucket</code> using the <code>my-profile</code> identity.
<syntaxhighlight lang=bash>
$ aws s3api --profile my-project  get-bucket-policy --bucket  my-bucket
 
An error occurred (NoSuchBucketPolicy) when calling the GetBucketPolicy operation: The bucket policy does not exist
</syntaxhighlight>


First, we make sure that the bucket has currently no policy.  
If that command returns something you need to add the new statement the existing policy. But we are no covering that here.
<source lang="bash">
$aws s3api --profile my-project  get-bucket-policy --bucket  my-bucket
</source>


An error occurred (NoSuchBucketPolicy) when calling the GetBucketPolicy operation: The bucket policy does not exist
Adding policy.json to `my-bucket`
<div class="filename">'''File :''' policy.json </div>
<syntaxhighlight lang=json file=my-policy.json>
{
"Statement": [
  {
    "Effect": "Allow",
    "Principal": {"AWS": ["arn:aws:iam:::user/tsm"]},
    "Action": [
      "s3:ListBucket",
      "s3:GetObject"
    ],
    "Resource": [
      "arn:aws:s3:::my-bucket/*",
      "arn:aws:s3:::my-bycket"
    ]
  }
]
}
</syntaxhighlight>


```
Then loading the policy to the bucket:
If that command returns something you need to add the new statement the existing policy. But we are no coverint that here.


Adding the policy to `my-bucket`
<syntaxhighlight>
$aws s3api --profile my-profile  put-bucket-policy --policy file://my-policy.json --bucket my-bucket
</syntaxhighlight>
Poq
142

edits

Retrieved from "https://wiki.c3g-app.sd4h.ca/wiki/Special:MobileDiff/23"