Setting up Amazon S3

IAM policy

To allow Notion Backups to connect to your S3 bucket, attach the policy below to your IAM user (replace yourbucket with your bucket's name):

{
      "Version": "2012-10-17",
      "Statement": [{
          "Sid": "GrantLimitedAccessToThisS3Bucket",
          "Effect": "Allow",
          "Action": [
            "s3:GetObject",
            "s3:PutObject",
            "s3:DeleteObject"
          ],
          "Resource": [
              "arn:aws:s3:::yourbucket",
              "arn:aws:s3:::yourbucket/*"
          ]
      }]
}

It's better to create a new IAM user with only this policy attached to keep your AWS account secure.

Prefix

You can choose to organize your backups in a folder by specifying the prefix in the dashboard.

Furthermore, to limit your IAM user's access to a specific folder, include the prefix after the bucket name in your policy. For example, if you want to restrict access to the "notion_backups" folder within yourbucket, you can define your Resource in the following way:

"Resource": [
    "arn:aws:s3:::yourbucket",
    "arn:aws:s3:::yourbucket/notion_backups/*"
]

Terraform

If you're using Terraform to control your AWS infrastructure, you can use the following script to create an IAM policy:

resource "aws_iam_policy" "notion_backups" {
    name = "notion_backups"
    description = "Create an IAM policy granting limited control to the S3 bucket."

    policy = jsonencode({
      Version = "2012-10-17"
      Statement = [{
        Sid = "GrantLimitedAccessToThisS3Bucket"
        Effect = "Allow"
        Action = [
          "s3:GetObject",
          "s3:PutObject",
          "s3:DeleteObject"
        ]
        Resource = [
          aws_s3_bucket.notion_backups.arn,
          "${aws_s3_bucket.notion_backups.arn}/*"
        ]
      }]
    })
}

If you need help setting up your AWS account or with anything else, feel free to reach out.