Using Generic Simple Storage Service (S3) as a primary storage for Enterprise Vault

Product(s): Enterprise Vault (14.1)

Getting the Generic S3 supported authentication

To use a Simple Storage Service (S3) compliant storage device, you must have the following:

  • Enterprise Vault 14.1 or later

  • S3 storage device's Access Key ID and Secret Access Key, for connecting to it

  • S3 storage device's service host name

  • S3 bucket name

  • S3 storage device's bucket access type

  • Bucket's region

  • Replication configured on the bucket to be used, with replication set to the same region or cross region

If you are specifying credentials of a user who has restricted access to S3 regions, then you should add the following minimum permissions to that user for accessing and using the S3 bucket.

{
    "Sid": "VisualEditor0",
    "Effect": "Allow",
    "Action": [
        "s3:PutObject",
        "s3:GetObject",
        "s3:DeleteObject",
        "s3:GetBucketLocation",
        "s3:ListBucket",
        "s3:GetBucketObjectLockConfiguration"
    ],
    "Resource": "*"
}

By default, the partition is created in the non-WORM mode. In Enterprise Vault 14.2 or later, the Enterprise Vault administrator has the option to create the partition in the non-WORM or WORM mode.

If you choose to create the partition in the WORM mode, you must set the following permissions:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:GetObject",
                "s3:DeleteObject",
                "s3:GetBucketLocation",
                "s3:ListBucket",
                "s3:PutObjectRetention",
                "s3:GetBucketObjectLockConfiguration",
                "s3:GetObjectVersion",
                "s3:ListBucketVersions",
                "s3:DeleteObjectVersion",
                "s3:GetObjectRetention"
            ],
            "Resource": "*"
        }
    ]
}
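
One way to check an existing user's policy against the two action lists above before creating a partition, reporting which listed actions are missing, which grants are broader than listed, and whether "Resource" is "*". This is an added example, not Veritas code: the function name audit_policy and the sample policy are hypothetical, and only Allow statements are read.

```python
import fnmatch
import json

# Action lists copied from the two policies on this page.
NON_WORM = {
    "s3:PutObject", "s3:GetObject", "s3:DeleteObject", "s3:GetBucketLocation",
    "s3:ListBucket", "s3:GetBucketObjectLockConfiguration",
}
WORM = NON_WORM | {
    "s3:PutObjectRetention", "s3:GetObjectVersion", "s3:ListBucketVersions",
    "s3:DeleteObjectVersion", "s3:GetObjectRetention",
}

def _as_list(value):
    """Policy JSON allows a single string or object where a list is expected."""
    if value is None:
        return []
    return list(value) if isinstance(value, list) else [value]

def audit_policy(policy_json, worm=False):
    """Return (missing, extra, wildcard_resource) for a policy document.

    Only Allow statements are read; Deny, NotAction and Condition are ignored.
    """
    required = WORM if worm else NON_WORM
    granted, wildcard_resource = [], False
    for stmt in _as_list(json.loads(policy_json).get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        granted += _as_list(stmt.get("Action"))
        wildcard_resource |= "*" in _as_list(stmt.get("Resource"))
    # Action names are case-insensitive and may contain * and ? wildcards.
    missing = sorted(a for a in required
                     if not any(fnmatch.fnmatchcase(a.lower(), g.lower()) for g in granted))
    lowered = {a.lower() for a in required}
    extra = sorted({g for g in granted if g.lower() not in lowered})
    return missing, extra, wildcard_resource

# Constructed sample: a hand-edited policy that relies on a wildcard action.
SAMPLE = json.dumps({
    "Version": "2012-10-17",
    "Statement": {
        "Effect": "Allow",
        "Action": ["s3:Get*", "s3:PutObject", "s3:DeleteObject", "s3:ListBucket"],
        "Resource": "*",
    },
})

if __name__ == "__main__":
    for worm in (False, True):
        print("WORM" if worm else "non-WORM", audit_policy(SAMPLE, worm=worm))
```

The sample passes the non-WORM list only because of the "s3:Get*" wildcard, and it lacks three of the WORM actions.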

The following operations can be performed during configuration:

  • Add a new Generic S3 partition

  • View a Generic S3 partition

  • Edit a Generic S3 partition

  • Delete a Generic S3 partition