S3 IAM policy generator

S3 IAM policy generator

Bucket Name: (no periods please)

Create an IAM user and assign this role to that IAM user (as an inline policy if desired). Create the userify-yourco-prod bucket before applying this policy to your instances. (This policy is automatically installed when using our free Cloud Formation template for Userify Enterprise.)

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowRootLevelListingForUserify",
            "Action": [
                "s3:ListBucket"
            ],
            "Effect": "Allow",
            "Resource": [
                "arn:aws:s3:::userify-yourco-prod"
            ]
        },
        {
            "Sid": "AllowUserToReadWriteForUserify",
            "Action": [
                "s3:HeadObject",
                "s3:GetObject",
                "s3:PutObject",
                "s3:DeleteObject"
            ],
            "Effect": "Allow",
            "Resource": [
                "arn:aws:s3:::userify-yourco-prod/*"
            ]
        }
    ]
}

Backing up your S3 bucket

Although we recommend that you backup the /opt/userify-server/base_config.cfg file after initial configuration, Userify can re-populate all missing data directly from the S3 bucket information, as long as you record the encryption key that's provided to you during setup somewhere safe.

Always be sure to regularly back up the S3 bucket offline, to a location that's outside of your AWS account, such as a corporate datacenter. If you are using a cluster, you only need to record the encryption key and/or base_config.cfg from one of the instances and then be sure to take regular backups of your S3 bucket as well. Please note: if you are using a Userify Enterprise cluster created by a CloudFormation template that we supply, you must also maintain backups of your Elasticache cluster using the built-in tools.