Home > Storage > ObjectScale and ECS > Product Documentation > Dell ECS: Data Movement (Copy to Cloud) > Target bucket
A target bucket is a bucket in ECS or Amazon S3. The target bucket must be created before its data movement policy is created. Copy to Cloud requires an access key and secret key for the external target bucket. The external access key and secret key can be changed at any time by editing these fields in the data movement policy. The secret key will be encrypted in the same way that local user secrets are encrypted in ECS.
Note: When S3 versioning is disabled on the target bucket, we recommend that the target bucket be dedicated for data movement policies.
Copy to Cloud requires a set of permissions for any target bucket. You need to create an IAM role or user that is used to verify access to the target bucket in the cloud. The minimum permissions are:
Note: The s3:DeleteObject permission is only used for VALIDATE DATA MOVEMENT POLICY in the ECS Portal. You can click SAVE directly in the ECS Portal to create a data movement policy if the s3:DeleteObject permission is not given to the IAM role or user.