Securing your AWS S3 bucket

If you want to store one-time or recurring backups to your own Amazon S3 bucket at Amazon Web Services (AWS), you must secure your container using AWS Identity and Access Management (IAM).

Below we provide step-by-step instructions on how you can use IAM to create a custom policy for an account user that mLab can use to access your AWS S3 bucket.

  1. Log in to the AWS Management Console
  2. If you have already created your AWS S3 bucket for backup, continue to step 3
  3. Click “IAM” or visit the IAM Console
  4. Create a custom policy (e.g. “mLabS3BackupsPolicy”)
    • Copy and paste the policy below but replace “youraccountname-mlab-backups” with the name of your AWS S3 bucket for backup
    • Do not change the “Version” date (for more information, see AWS’s IAM documentation)
  5. Create a new group (e.g. “mLabGroup”) and attach the policy created in step 4 to this new group.
  6. Create a user for your mLab backups (e.g. “mLabUser”)
  7. Make note of the user’s credentials (Access Key ID and Secret Access Key) since they will be required when scheduling backups in the mLab management portal
  8. Add the user you created in Step 6 to the group that you created in Step 5

Policy to cut and paste

  {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [ "s3:ListBucket" ],
            "Resource": "arn:aws:s3:::youraccountname-mlab-backups"
        },
        {
            "Effect": "Allow",
            "Action": [
                …
            ],
            "Resource": [ "arn:aws:s3:::youraccountname-mlab-backups/*" ]
        }
    ]
  }
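
A check you can run on the edited policy before pasting it into the IAM console (an added example, not mLab's or AWS's code): it confirms that every Allow statement is confined to your backup bucket and flags the usual editing mistakes. The function names, the sample bucket “acme-mlab-backups” and the object actions in the sample policies are assumptions made for the example.

```python
import json

PLACEHOLDER = "youraccountname-mlab-backups"  # placeholder bucket name used on this page

def as_list(value):
    # IAM accepts either a single string or a list for Action and Resource.
    return [value] if isinstance(value, str) else list(value)

def check_backup_policy(policy_json, bucket):
    """Return findings; an empty list means every Allow is confined to `bucket`."""
    policy = json.loads(policy_json)
    bucket_arn = "arn:aws:s3:::" + bucket
    object_arn = bucket_arn + "/*"
    findings = []
    if policy.get("Version") != "2012-10-17":
        findings.append("Version changed from 2012-10-17")
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):
        statements = [statements]
    for i, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue  # only Allow statements can widen access
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append(f"statement {i}: NotAction/NotResource grants more than it lists")
            continue
        actions = as_list(stmt.get("Action", []))
        resources = as_list(stmt.get("Resource", []))
        for res in resources:
            if bucket != PLACEHOLDER and PLACEHOLDER in res:
                findings.append(f"statement {i}: placeholder bucket name not replaced")
            elif res not in (bucket_arn, object_arn):
                findings.append(f"statement {i}: {res} is outside the backup bucket")
        for act in actions:
            if "*" in act or not act.startswith("s3:"):
                findings.append(f"statement {i}: action {act} is broader than needed")
        # s3:ListBucket is a bucket-level action and has no effect on object ARNs.
        if "s3:ListBucket" in actions and bucket_arn not in resources:
            findings.append(f"statement {i}: s3:ListBucket needs the bucket ARN itself")
    return findings

# Constructed sample policies; the object actions are stand-ins, not mLab's list.
GOOD = """{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": ["s3:ListBucket"], "Resource": "arn:aws:s3:::acme-mlab-backups"},
  {"Effect": "Allow", "Action": ["s3:PutObject", "s3:GetObject"],
   "Resource": ["arn:aws:s3:::acme-mlab-backups/*"]}]}"""
BAD = """{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": ["s3:ListBucket"], "Resource": "arn:aws:s3:::acme-mlab-backups/*"},
  {"Effect": "Allow", "Action": ["s3:*"],
   "Resource": ["arn:aws:s3:::youraccountname-mlab-backups/*", "arn:aws:s3:::*"]}]}"""
```

Call check_backup_policy with your policy text and bucket name; an empty list means the user created in step 6 can reach only that bucket.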