To add an archive tier
- In the navigation menu, click Cloud Storage to expand the menu, then click Archive Tier.
- In the Archive Tier pane, click Configure to add a cloud tier.
- In the archive provider drop-down, select AWS S3.
- Provide the name for your S3 bucket.
- Enter your Connection String using one of the two methods below:
  - Default - this option will compile your connection string into the correct format using the inputs below.
    - Access key - The access key is typically 20 upper-case English characters.
    - Secret key - The secret key is generated automatically by AWS. It is typically 40 characters, including mixed upper and lower-case and special symbols.
    - Region - The region specifies the Amazon-specific region in which you want to deploy your backup solution. Your region name can be obtained from https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region
  - Custom - this option allows you to enter your connection string with additional parameters.
    - Your connection string uses the following syntax:
      "accesskey=<ABDCEWERS>;secretkey=< >; loglevel=warn; region=<aws-region>;"
      Please note the following:
      - The access key is typically 20 upper-case English characters.
      - The secret key is generated automatically by AWS. It is typically 40 characters, including mixed upper and lower-case and special symbols.
      - The region specifies the Amazon-specific region in which you want to deploy your backup solution. Your region name can be obtained from https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region
      An example of a connection string with this syntax follows. Logically, each connection string is unique.
      accesskey=AKIARERFUCFODHFJUCWK;secretkey=p+8/T+o5WeZkX11QbuPazHX1IdWbwgFplxuVlO8J;loglevel=warn;region=eu-central-1;
- To apply encryption, in the Archive Tier Encryption section enter the following:
  - Passphrase — the passphrase is user-defined and is used to generate a passphrase key that encrypts the file in which the content encryption keys are kept. The passphrase is a human-readable key, which can be up to 255 bytes in length. It is mandatory to define a passphrase to enable encryption.
    IMPORTANT: It is mandatory to define a passphrase to enable encryption. If the passphrase is compromised or lost, the administrator should change it immediately so that the content encryption keys do not become vulnerable. If this passphrase is lost or forgotten, data in the cloud will be unrecoverable.
  - Confirm Passphrase — re-enter the passphrase used above.
- In the Archive Tier Options section, enter the following:
  - Archive Retention in Warm Cloud - When a restore operation succeeds, a temporary copy of the Glacier object is created in standard S3 storage. This setting specifies the number of days this temporary copy is held in S3 before it is deleted. Valid values are any integral values from 1 through 365.
  - Archive Role ARN - S3 must have permissions to perform Lambda and batch operations on behalf of the user. An IAM role must be created that has "Create Job", "Pass Role" and other permissions to access the buckets as well as perform the Lambda and batch operations. The account admin is expected to create such roles.
    NOTE: For more information on required permissions and Lambda and batch operations, refer to Configuring required permissions to restore from Archive Tier and the AWS documents Granting permissions for Amazon S3 Batch Operations, What is AWS Lambda?, and The basics: S3 Batch Operations.
  - Archive Service Name - Select between S3-Glacier or S3 Deep Archive.
- Click Configure. A Cloud Storage Group will be created.
- To enable replication to the cloud, you must link a local container to the cloud using the procedures in Adding a cloud tiering policy.
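
A pre-flight check for the Custom connection string option above, as an added example that is not part of the original procedure or the product's own code: it parses the key=value; syntax, flags unfilled placeholders and key lengths that differ from the typical ones, and masks the secret key before the string is written to a log or ticket. The function names, the sample keys and the region pattern are assumptions made for illustration.

```python
import re

# Constructed sample values (not real credentials), in the page's Custom syntax.
ACCESS = "AKIA" + "EXAMPLE0" * 2          # 20 characters
SECRET = "Ab1+/xYz" * 5                   # 40 characters
SAMPLE = f"accesskey={ACCESS};secretkey={SECRET}; loglevel=warn; region=eu-central-1;"
REQUIRED = ("accesskey", "secretkey", "region")

def parse_connection_string(conn):
    """Split 'key=value;' pairs; tolerate quotes, spaces after ';' and a trailing ';'."""
    fields = {}
    for part in conn.strip().strip('"').split(";"):
        part = part.strip()
        if not part:
            continue
        key, sep, value = part.partition("=")   # split on the first '=' only
        key = key.strip().lower()
        if not sep or not key:
            # Never echo the segment itself: it may contain the secret key.
            raise ValueError("malformed segment (expected key=value)")
        if key in fields:
            raise ValueError(f"duplicate key: {key}")
        fields[key] = value.strip()
    return fields

def check(fields):
    """Return a list of problems; lengths follow the page's 'typically' wording."""
    problems = [f"missing {k}" for k in REQUIRED if not fields.get(k)]
    ak, sk, region = (fields.get(k, "") for k in REQUIRED)
    if ak and not re.fullmatch(r"[A-Z0-9]{20}", ak):
        problems.append("accesskey is not 20 upper-case characters")
    if sk and len(sk) != 40:
        problems.append("secretkey is not 40 characters")
    # Assumed region shape (e.g. eu-central-1); also catches a leftover <aws-region>.
    if region and not re.fullmatch(r"[a-z]{2}(-[a-z]+)+-\d", region):
        problems.append("region does not look like an AWS region name")
    return problems

def redact(conn):
    """Rebuild the string with the secret masked, safe for logs and tickets."""
    fields = parse_connection_string(conn)
    if "secretkey" in fields:
        fields["secretkey"] = "********"
    return "".join(f"{k}={v};" for k, v in fields.items())

if __name__ == "__main__":
    print(check(parse_connection_string(SAMPLE)))
    print(redact(SAMPLE))
```

Because the access key ID is left visible in the redacted form, a log entry still identifies which key to rotate if the string was exposed elsewhere.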