Skip to content

AWS S3 bucket requirements

Before enabling Database Backup Shipping or HTTP request Log Shipping features, an AWS S3 bucket must be correctly configured to receive the shipped files.

  • The name of the AWS S3 bucket must be globally unique. To ensure a unique bucket name, VIP recommends including the organization’s name, the application’s name, and the name of the enabled feature. For example, an organization named “Acme, Inc.” would name their S3 bucket for Database Backup Shipping: acme-inc-db-shipping. Failure to create a globally unique name creates a risk for files to be shipped to an S3 bucket other than the one intended.
  • The AWS S3 bucket name can only include lowercase letters (a-z), numbers (0-9) and hyphens (-). Review the AWS bucket naming requirements for additional information.
  • File shipping will fail if the name of the AWS S3 bucket includes a period (.).

Files from more than one of an organization’s applications and environments can be shipped to a single S3 bucket.


In order to complete the setup of an AWS S3 bucket, a user must have sufficient access permissions to:

  • Modify the AWS bucket policy of the AWS S3 bucket.
  • Create an AWS CloudFormation stack in the AWS account.


Specifying a destination directory within an S3 bucket using a custom path is not supported.


  • Files are encrypted in-transit using TLS between VIP and the AWS S3 bucket.
  • To ensure that files are encrypted at-rest, configure encryption for the AWS S3 bucket.
  • The S3 bucket must not use KMS encryption; SSE-S3 is the preferred encryption option.

Last updated: March 12, 2024

Relevant to

  • Node.js
  • WordPress