Notion Backups
Log in Sign up

Setting up Amazon S3

To back up your Notion workspace to Amazon S3, connect Notion and add your S3 bucket details: access key, secret access key, region, bucket name, and optionally, a prefix.

Access keys

Access key and secret access key are both encrypted at rest with a separate layer of encryption.

Secret access key can't be changed after creation.

IAM policy

To allow Notion Backups to connect to your S3 bucket, attach the policy below to your IAM user (replace yourbucket with your bucket's name):

{
      "Version": "2012-10-17",
      "Statement": [{
          "Sid": "GrantLimitedAccessToThisS3Bucket",
          "Effect": "Allow",
          "Action": [
            "s3:GetObject",
            "s3:PutObject",
            "s3:DeleteObject"
          ],
          "Resource": [
              "arn:aws:s3:::yourbucket",
              "arn:aws:s3:::yourbucket/*"
          ]
      }]
}

It's better to create a new IAM user with just this policy attached to keep your AWS account secure.

Prefix

You can choose to organize your backups in a folder by specifying the prefix in the dashboard.

If you want to limit your IAM user's access to a specific folder, include the prefix after the bucket name in your policy. For example, if you want to restrict access to the "notion_backups" folder within yourbucket, you can define your Resource in the following way:

"Resource": [
    "arn:aws:s3:::yourbucket",
    "arn:aws:s3:::yourbucket/notion_backups/*"
]

Terraform

If you're using Terraform to control your AWS infrastructure, you can use the following script to create an IAM policy:

resource "aws_iam_policy" "notion_backups" {
    name = "notion_backups"
    description = "Create an IAM policy granting limited control to the S3 bucket."

    policy = jsonencode({
      Version = "2012-10-17"
      Statement = [{
        Sid = "GrantLimitedAccessToThisS3Bucket"
        Effect = "Allow"
        Action = [
          "s3:GetObject",
          "s3:PutObject",
          "s3:DeleteObject"
        ]
        Resource = [
          aws_s3_bucket.notion_backups.arn,
          "${aws_s3_bucket.notion_backups.arn}/*"
        ]
      }]
    })
}

S3-compatible object storage

See S3-compatible object storage docs on how to connect to various object storage providers.

If you need help setting up your AWS account or with anything else, feel free to reach out.