Amazon Simple Storage Service (Amazon S3) is a well-known cloud storage provider. This destination is known to be reliable and works well with BackupBuddy. For more information about Amazon S3, visit http://aws.amazon.com/s3/.
S3 Security Credentials
Here we will walk you through creating IAM security credentials and a security policy, and then attaching that policy so the new user can access your bucket. You will also obtain your access key ID and secret access key during this process.
- Log in to the Amazon Web Console at http://console.aws.amazon.com
- From the top menu select Services, and then click IAM under the Security, Identity, & Compliance header.
- From the left menu select Users or go to https://console.aws.amazon.com/iam/home#users
- Click the Add user button.
- Enter a username you wish to create to give access to your bucket. For this example, I am entering the username "backupbuddy_test_user".
- Under Select AWS Access Type check the box beside Programmatic Access.
- Click Next until you see Create User and click it.
- You should see two fields on the screen: Access key ID and Secret access key. These are the values you will enter into BackupBuddy when creating the Amazon S3 Remote Destination. You will have to click Show in order to see the Secret Access Key. Go to the BackupBuddy Amazon (S3) settings page and enter them in the spaces provided. You may want to copy them to a file on your computer so that you can enter them later; keep that file private, since anyone holding these keys has the access granted to this user. If you lose them you cannot retrieve them later and will have to generate new keys.
- Click Close to move on.
- Click Services at the top of the page like before (refer to Step 2) and then click S3 under Storage.
- Click Create Bucket.
- Enter the bucket name of your choice in the field provided. Select a region closest to your server. Click the Create button.
- Go to the BackupBuddy AWS (S3) settings page on your site and enter the bucket name in the space provided.
- Click Services in the upper left corner, and then choose IAM under the Security, Identity, & Compliance header.
- Click Users in the left sidebar, and then click on the user that you just created to open its details.
- Click Add inline policy.
- Click 'choose a service'. Then select S3.
- Click 'Select actions'. Then check the checkbox next to All S3 actions.
- Click the 'Resources' section. Then click Add ARN under the bucket section.
- Now enter in the name of the bucket you created earlier, or you can check the checkbox next to 'any' to use any buckets you have created in Amazon S3 previously.
- Now check the checkbox next to 'any' for objects.
- Click the Review Policy button, name your policy, and then click the Create Policy button.
- You can now test and save your S3 destination within BackupBuddy.
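- The example policy below shows how this should look. As written, the resource arn:aws:s3:::*/* matches objects in every bucket in the account, so this user can act on more than the backup bucket.

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Sid": "Stmt1490043098000",
          "Effect": "Allow",
          "Action": [
            "s3:*"
          ],
          "Resource": [
            "arn:aws:s3:::*/*",
            "arn:aws:s3:::YOUR_BUCKET_NAME_HERE"
          ]
        }
      ]
    }
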
Security Tips
- You can modify the Action permissions to limit what this user can do. For instance, you can block deleting files so that backups don't get accidentally deleted, or even block downloading backups for ultimate security. The following would allow uploading backups but prevent users with access to your BackupBuddy install from downloading or deleting your backups. For a full list of actions see http://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html
"Action": [ "s3:PutObject", "s3:ListBucket" ]
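
The following Python is an added example, not part of the original page or of BackupBuddy. It audits a policy document against the upload-only action list above and builds a version of that policy scoped to one bucket. The bucket name example-backups and the function names are assumptions made for illustration.

```python
import json

# The page's example policy, bucket placeholder kept exactly as shown there.
PAGE_POLICY = json.loads("""
{"Version": "2012-10-17",
 "Statement": [{"Sid": "Stmt1490043098000", "Effect": "Allow",
                "Action": ["s3:*"],
                "Resource": ["arn:aws:s3:::*/*",
                             "arn:aws:s3:::YOUR_BUCKET_NAME_HERE"]}]}
""")
ALLOWED_ACTIONS = {"s3:putobject", "s3:listbucket"}  # from the Security Tips

def _as_list(value):
    # IAM accepts a single string or object where a list is also allowed.
    return [value] if isinstance(value, (str, dict)) else list(value)

def upload_only_policy(bucket):
    """Upload-only policy from the Security Tips, scoped to one bucket.

    s3:ListBucket is a bucket-level action and s3:PutObject an object-level
    one, so each statement names the matching ARN form.
    """
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": ["s3:ListBucket"],
         "Resource": [f"arn:aws:s3:::{bucket}"]},
        {"Effect": "Allow", "Action": ["s3:PutObject"],
         "Resource": [f"arn:aws:s3:::{bucket}/*"]},
    ]}

def audit(policy, bucket):
    """Return (statement index, kind, value) for each Allow entry that
    reaches past `bucket` or permits more than uploading and listing."""
    in_scope = {f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"}
    findings = []
    for idx, stmt in enumerate(_as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        for action in _as_list(stmt.get("Action", [])):
            if action.lower() not in ALLOWED_ACTIONS:  # action names are case-insensitive
                findings.append((idx, "action", action))
        for resource in _as_list(stmt.get("Resource", [])):
            if resource not in in_scope:
                findings.append((idx, "resource", resource))
    return findings

if __name__ == "__main__":
    print("page example:", audit(PAGE_POLICY, "YOUR_BUCKET_NAME_HERE"))
    print("upload-only: ", audit(upload_only_policy("example-backups"), "example-backups"))
```

Only the Action and Resource entries of Allow statements are checked; NotAction, NotResource and Condition are left out.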