# User Policy for Amazon S3 Backups Using UpdraftPlus

This user policy prevents the user credentials from being used to delete backups from within the WordPress admin settings page for the plugin. This prevents anyone from accidentally or deliberately removing backups. Versioning and deletion are handled by S3 bucket policies.

To make this user policy useful, we need to remove these two actions: `"s3:DeleteObject"`, `"s3:DeleteObjectVersion"`.

To update and use this policy, run a find and replace on "mybucket" and replace it with your S3 bucket name.

For added security you can limit the IP addresses that can act as the source (your server). To use this option, run a find and replace on "Your IP Address".
```json
{
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:ListBucket",
        "s3:GetBucketLocation",
        "s3:ListBucketMultipartUploads"
      ],
      "Resource": "arn:aws:s3:::mybucket",
      "Condition": {}
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:AbortMultipartUpload",
        "s3:DeleteObject",
        "s3:DeleteObjectVersion",
        "s3:GetObject",
        "s3:GetObjectAcl",
        "s3:GetObjectVersion",
        "s3:GetObjectVersionAcl",
        "s3:PutObject",
        "s3:PutObjectAcl",
        "s3:PutObjectVersionAcl"
      ],
      "Resource": "arn:aws:s3:::mybucket/*",
      "Condition": {}
    },
    {
      "Effect": "Allow",
      "Action": "s3:ListAllMyBuckets",
      "Resource": "*",
      "Condition": {}
    }
  ]
}
```
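One way to apply and verify the two changes described above (removing the delete actions and restricting the source IP), as an added example that is not part of the original page. The function names, the shortened sample policy and the address `203.0.113.10/32` are assumptions made for illustration; the restriction uses the `IpAddress` operator with the `aws:SourceIp` condition key.

```python
import copy
import fnmatch
import json

# Actions the page says must be removed from the user policy.
DELETE_ACTIONS = ("s3:DeleteObject", "s3:DeleteObjectVersion")

# Constructed sample: two statements from the page's policy, shortened.
SAMPLE_POLICY = {"Statement": [
    {"Effect": "Allow", "Action": ["s3:ListBucket", "s3:GetBucketLocation"],
     "Resource": "arn:aws:s3:::mybucket", "Condition": {}},
    {"Effect": "Allow",
     "Action": ["s3:AbortMultipartUpload", "s3:DeleteObject",
                "s3:DeleteObjectVersion", "s3:GetObject", "s3:PutObject"],
     "Resource": "arn:aws:s3:::mybucket/*", "Condition": {}},
]}


def _actions(stmt):
    """Return the Action element as a list (IAM also accepts a bare string)."""
    act = stmt.get("Action", [])
    return [act] if isinstance(act, str) else list(act)


def allowed_deletes(policy):
    """List (statement index, action pattern) pairs that still allow a delete.

    Patterns are matched as wildcards, so "s3:*" or "s3:Delete*" is reported too.
    """
    hits = []
    for i, stmt in enumerate(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        for pat in _actions(stmt):
            if any(fnmatch.fnmatchcase(d.lower(), pat.lower()) for d in DELETE_ACTIONS):
                hits.append((i, pat))
    return hits


def harden(policy, source_cidr):
    """Return a copy with the delete actions removed and Allows limited to source_cidr."""
    blocked = {d.lower() for d in DELETE_ACTIONS}
    out = copy.deepcopy(policy)
    for stmt in out["Statement"]:
        if stmt.get("Effect") == "Allow":
            stmt["Action"] = [a for a in _actions(stmt) if a.lower() not in blocked]
            stmt.setdefault("Condition", {})["IpAddress"] = {"aws:SourceIp": source_cidr}
    return out


if __name__ == "__main__":
    hardened = harden(SAMPLE_POLICY, "203.0.113.10/32")  # constructed address
    print(json.dumps(hardened, indent=2))
    print("delete still allowed by:", allowed_deletes(hardened))
```

Run `allowed_deletes` on the final policy before attaching it: `harden` removes only the two exact action names, so a wildcard action that still grants delete is reported rather than silently kept.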
Source