Setting up Amazon S3

IAM policy

To allow Notion Backups to connect to your S3 bucket, attach the policy below to your IAM user (replace yourbucket with your bucket's name):

{
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "GrantLimitedAccessToThisS3Bucket",
    "Effect": "Allow",
    "Action": [
      "s3:GetObject",
      "s3:PutObject",
      "s3:DeleteObject"
    ],
    "Resource": [
      "arn:aws:s3:::yourbucket",
      "arn:aws:s3:::yourbucket/*"
    ]
  }]
}

To keep your AWS account secure, create a new IAM user for Notion Backups and attach only this policy to it, so its access keys can't reach anything else in the account.

Prefix

You can choose to organize your backups in a folder by specifying the prefix in the dashboard.

Furthermore, to limit your IAM user's access to a specific folder, include the prefix after the bucket name in your policy. For example, if you want to restrict access to the "notion_backups" folder within yourbucket, you can define your Resource in the following way:

"Resource": [
    "arn:aws:s3:::yourbucket",
    "arn:aws:s3:::yourbucket/notion_backups/*"
]
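Before attaching a policy, you can check that it grants nothing beyond the three object actions and the bucket or prefix described above. The following is an added example, not code from Notion Backups; the function names and both sample policies are constructed for illustration, and it inspects only the Allow statements of the JSON document (it does not evaluate conditions or Deny statements).

```python
import json

# Constructed sample: the page's policy with the prefix-restricted Resource.
SCOPED_POLICY = """{
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "GrantLimitedAccessToThisS3Bucket",
    "Effect": "Allow",
    "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
    "Resource": ["arn:aws:s3:::yourbucket", "arn:aws:s3:::yourbucket/notion_backups/*"]
  }]
}"""

# Constructed sample: an over-broad policy that the audit should flag.
BROAD_POLICY = """{"Version": "2012-10-17", "Statement": [
  {"Sid": "TooBroad", "Effect": "Allow", "Action": "s3:*", "Resource": "arn:aws:s3:::*"}]}"""

# The three object actions the page's policy grants (IAM action names are case-insensitive).
EXPECTED_ACTIONS = {"s3:getobject", "s3:putobject", "s3:deleteobject"}

def as_list(value):
    """IAM accepts a bare string (or a single statement object) where a list is allowed."""
    return [value] if isinstance(value, (str, dict)) else list(value)

def audit_policy(policy_json, bucket, prefix=""):
    """Return findings; an empty list means every Allow stays within the expected scope."""
    bucket_arn = f"arn:aws:s3:::{bucket}"
    scope = prefix.strip("/")
    object_arn = f"{bucket_arn}/{scope}/*" if scope else f"{bucket_arn}/*"
    findings = []
    for stmt in as_list(json.loads(policy_json)["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        for key in ("NotAction", "NotResource"):
            if key in stmt:
                findings.append(f"{sid}: {key} grants everything except what it lists")
        for action in as_list(stmt.get("Action", [])):
            if action.lower() not in EXPECTED_ACTIONS:
                findings.append(f"{sid}: unexpected action {action}")
        for resource in as_list(stmt.get("Resource", [])):
            if resource not in (bucket_arn, object_arn):
                findings.append(f"{sid}: resource {resource} is outside {object_arn}")
    return findings

if __name__ == "__main__":
    for name, doc in (("scoped", SCOPED_POLICY), ("broad", BROAD_POLICY)):
        print(name, audit_policy(doc, "yourbucket", "notion_backups") or "OK")
```

Passing the whole-bucket policy from the IAM policy section together with a prefix reports its `arn:aws:s3:::yourbucket/*` resource as wider than the folder.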

Access keys

Access Key ID and Security Access Key are both encrypted at rest with a separate layer of encryption.

Security Access Key can't be changed after creation.

Terraform

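If you're using Terraform to manage your AWS infrastructure, you can use the following configuration to create the IAM policy. It assumes the bucket is defined in the same configuration as an aws_s3_bucket resource named notion_backups: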

resource "aws_iam_policy" "notion_backups" {
  name        = "notion_backups"
  description = "Create an IAM policy granting limited control to the S3 bucket."

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Sid    = "GrantLimitedAccessToThisS3Bucket"
      Effect = "Allow"
      Action = [
        "s3:GetObject",
        "s3:PutObject",
        "s3:DeleteObject"
      ]
      Resource = [
        aws_s3_bucket.notion_backups.arn,
        "${aws_s3_bucket.notion_backups.arn}/*"
      ]
    }]
  })
}

S3-compatible object storage

See the Backblaze B2 docs for how to connect to S3-compatible object storage providers.

If you need help setting up your AWS account or with anything else, feel free to reach out.