Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

TiDB 7.1+ checkpoint restore requires s3:DeleteObject permission (#17111) (#17159) #17164

Merged
merged 3 commits into from
Apr 11, 2024
Merged

TiDB 7.1+ checkpoint restore requires s3:DeleteObject permission (#17111) (#17159) #17164

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
06a464c
This is an automated cherry-pick of #17159
ti-chi-bot Apr 11, 2024
c55f9c5
Apply suggestions from code review
hfxsd Apr 11, 2024
54abfa8
Apply suggestions from code review
hfxsd Apr 11, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion br/backup-and-restore-storages.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -149,7 +149,7 @@ When storing backup data in a cloud storage system, you need to configure authen

Before backup, configure the following privileges to access the backup directory on S3.

- Minimum privileges for TiKV and Backup & Restore (BR) to access the backup directories during backup: `s3:ListBucket`, `s3:GetObject`, `s3:PutObject`, and `s3:AbortMultipartUpload`
- Minimum privileges for TiKV and Backup & Restore (BR) to access the backup directories during backup: `s3:ListBucket`, `s3:GetObject`, `s3:PutObject`, `s3:DeleteObject`, and `s3:AbortMultipartUpload`
- Minimum privileges for TiKV and BR to access the backup directories during snapshot restore: `s3:ListBucket` and `s3:GetObject`
- Minimum privileges for TiKV and BR to access the backup directories during log restore: `s3:ListBucket`, `s3:GetObject`, and `s3:PutObject`. When restoring log backup data, BR writes the database and table to be restored to the backup directory.

Expand Down
2 changes: 1 addition & 1 deletion br/backup-and-restore-use-cases.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -70,7 +70,7 @@ The detailed steps are as follows:

2. Configure permissions for BR and TiKV to access the S3 directory. It is recommended to grant permissions using the IAM method, which is the most secure way to access the S3 bucket. For detailed steps, refer to [AWS documentation: Controlling access to a bucket with user policies](https://docs.aws.amazon.com/AmazonS3/latest/userguide/walkthrough1.html). The required permissions are as follows:

- TiKV and BR in the backup cluster need `s3:ListBucket`, `s3:GetObject`, `s3:PutObject`, and `s3:AbortMultipartUpload` permissions of the `s3://tidb-pitr-bucket/backup-data` directory.
- TiKV and BR in the backup cluster need `s3:ListBucket`, `s3:GetObject`, `s3:PutObject`, `s3:DeleteObject`, and `s3:AbortMultipartUpload` permissions of the `s3://tidb-pitr-bucket/backup-data` directory.
- Snapshot restore: TiKV and BR in the restore cluster need `s3:ListBucket` and `s3:GetObject` permissions of the `s3://tidb-pitr-bucket/backup-data` directory.
- Log restore: TiKV and BR in the restore cluster need `s3:ListBucket`, `s3:GetObject`, and `s3:PutObject` permissions of the `s3://tidb-pitr-bucket/backup-data` directory.

Expand Down
Loading