Arq Help

Create AWS Key Pair

The easiest way to get started with AWS is to create a "root" key pair.

1. Go to the AWS Console and log in.
2. Click on your name at the top right and click "My Security Credentials" in the drop-down menu.
3. Click the triangle next to "Access Keys" to expand it.
4. Click "Create New Access Key". Then click "Show Access Key" in the pop-up window to see the key pair you just created:
   
5. Use that key pair to add a destination in Arq: Go to Arq's preferences, Destinations tab, click the + sign to add a destination, choose Amazon S3/Glacier, and enter the key pair.

AWS IAM

If you'd prefer to use Amazon's IAM system instead of root keys, there are 2 options:

Option 1: Create Your Own IAM User

Create an IAM user with a policy that allows all actions on your bucket and its contents. Use its key pair in Arq.

Here's a sample policy that I used for my S3 bucket named "arqstefanbucket":

{
   "Version": "2012-10-17",
   "Statement": [
       {
           "Effect": "Allow",
           "Action": "s3:*",
           "Resource": [
               "arn:aws:s3:::arqstefanbucket",
               "arn:aws:s3:::arqstefanbucket/*"
           ]
       },
       {
           "Effect": "Allow",
           "Action": "s3:ListAllMyBuckets",
           "Resource": "arn:aws:s3:::*"
       }
   ]
}

Option 2: Let Arq Create the User

1. Create a root key pair (explained above) and configure Arq with it.
2. Direct Arq to create and use a new IAM user with just enough permission to read/write its own data in your AWS account: Restricting Amazon Permissions