Setting up Amazon S3
IAM policy
To allow Notion Backups to connect to your S3 bucket, attach the policy below to your IAM user (replace yourbucket with your bucket's name):
{
"Version": "2012-10-17",
"Statement": [{
"Sid": "GrantLimitedAccessToThisS3Bucket",
"Effect": "Allow",
"Action": [
"s3:GetObject",
"s3:PutObject",
"s3:DeleteObject"
],
"Resource": [
"arn:aws:s3:::yourbucket",
"arn:aws:s3:::yourbucket/*"
]
}]
}
It's better to create a new IAM user with only this policy attached to keep your AWS account secure.
Prefix
You can choose to organize your backups in a folder by specifying the prefix in the dashboard.
Furthermore, to limit your IAM user's access to a specific folder, include the prefix after the bucket name in your policy. For example, if you want to restrict access to the "notion_backups" folder within yourbucket, you can define your Resource in the following way:
"Resource": [
"arn:aws:s3:::yourbucket",
"arn:aws:s3:::yourbucket/notion_backups/*"
]
Terraform
If you're using Terraform to control your AWS infrastructure, you can use the following script to create an IAM policy:
resource "aws_iam_policy" "notion_backups" {
name = "notion_backups"
description = "Create an IAM policy granting limited control to the S3 bucket."
policy = jsonencode({
Version = "2012-10-17"
Statement = [{
Sid = "GrantLimitedAccessToThisS3Bucket"
Effect = "Allow"
Action = [
"s3:GetObject",
"s3:PutObject",
"s3:DeleteObject"
]
Resource = [
aws_s3_bucket.notion_backups.arn,
"${aws_s3_bucket.notion_backups.arn}/*"
]
}]
})
}
If you need help setting up your AWS account or with anything else, feel free to reach out.