Archive to AWS S3

In the S3 Console, click Create bucket. Pick a name (e.g. mycompany-mnueron-archive) and a region — typically the one closest to your team. Leave Block all public access ON. Versioning is optional but recommended for accidental-delete protection.

mnueron only needs to put, get, list, and delete objects in this one bucket. Do not give it root access. In the IAM Console → Users → Add users:

1. Name the user mnueron-archive.
2. Pick Attach policies directly → Create policy.
3. Switch to the JSON tab and paste the policy below. Replace YOUR_BUCKET_NAME.
4. Name the policy mnueron-archive-policy, save, attach it to the user.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "MnueronArchive",
      "Effect": "Allow",
      "Action": [
        "s3:PutObject",
        "s3:GetObject",
        "s3:DeleteObject",
        "s3:ListBucket"
      ],
      "Resource": [
        "arn:aws:s3:::YOUR_BUCKET_NAME",
        "arn:aws:s3:::YOUR_BUCKET_NAME/*"
      ]
    }
  ]
}

From the IAM user you just created, click Security credentials → Create access key. Pick Application running outside AWS. You'll see the access key ID once, and the secret only once — copy both before closing the page.

Open /account-settings/storage, pick Cloud + Archive, then the AWS S3 backend. Fields:

• Bucket — your bucket name (case-sensitive).
• Region — e.g. us-east-1. Must match the bucket.
• Endpoint — leave blank. AWS picks the right endpoint from region.
• Access key ID + Secret — from step 3.
• Prefix — defaults to mnueron-archive/. Files land at {prefix}/{namespace}/{YYYY-MM}/{memory_id}.md.

Click Test connection. We'll PUT a small health file, HEAD it, then DELETE it. If all three steps succeed, you're ready. Click Save, then Run archive now to verify with real data.