Hi all, I'm looking for the specific actions that need to be allowed in an IAM policy for backups. "s3:*" is not exactly least privileges. I am already aware of how to lock the policy to a specific user, bucket, and object, what I am looking for is the specific set of actions I must allow for the cpanel s3 backups to work. I didn't see anything in /scripts and nothing really covering the specific calls in the docs, so I thought I'd ask here before opening a ticket. While I appreciate any insights, I'd prefer to avoid guess work. If you know which file holds the API calls within cPanel I'll gladly look at it myself. Just trying to decrease surface area. Thanks!