Using Generic Simple Storage Service (S3) as a primary storage for Enterprise Vault
- Overview
- Configuring Generic Simple Storage Service (S3) primary partition
- Known Issues
- Troubleshooting
Getting the Generic S3 supported authentication
You must have the following for using the Simple Storage Service (S3) compliant storage device:
Enterprise Vault 14.1 or later
S3 storage device's Access Key ID and Secret Access Key, for connecting to it
S3 storage device's service host name
S3 bucket name
S3 storage device's bucket access type
Bucket's region
Replication configured on the bucket to be used, with replication set to the same region or cross region
If you are specifying credentials of a user who has restricted access to S3 regions, then you should add the following minimum permissions to that user for accessing and using the S3 bucket.
{ "Sid": "VisualEditor0", "Effect": "Allow", "Action": [ "s3:PutObject", "s3:GetObject", "s3:DeleteObject", "s3:GetBucketLocation", "s3:ListBucket", "s3:GetBucketObjectLockConfiguration" ], "Resource": "*" }
By default, the partition is created in the non-WORM mode. In Enterprise Vault 14.2 or later, the Enterprise Vault administrator has the option to create the partition in the non-WORM or WORM mode.
If you choose to create the partition in the WORM mode, you must set following permissions:
{ "Version": "2012-10-17", "Statement": [ { "Sid": "VisualEditor0", "Effect": "Allow", "Action": [ "s3:PutObject", "s3:GetObject", "s3:DeleteObject", "s3:GetBucketLocation", "s3:ListBucket", "s3:PutObjectRetention", "s3:GetBucketObjectLockConfiguration", "s3:GetObjectVersion", "s3:ListBucketVersions", "s3:DeleteObjectVersion", "s3:GetObjectRetention" ], "Resource": "*" } ] }
The following operations can be performed during configuration:
Add a new Generic S3 partition
View a Generic S3 partition
Edit a Generic S3 partition
Delete a Generic S3 partition