Amazon S3 Setup

Amazon Simple Storage Service (Amazon S3) is a well-known cloud storage provider. This destination is known to be reliable and works well with Solid Backups. For more information about Amazon S3, visit http://aws.amazon.com/s3/ .

S3 Security Credentials

Here we will walk you through creating IAM Security Credentials and a Security Policy and then attach said Security Policy to your bucket. You will also obtain your security and access keys during this process.

  1. Log in to the Amazon Web Console at http://console.aws.amazon.com.
  2. From the top menu select Services, and then click or search for IAM.
    page1image880193040
  3. From the left menu select Users or go to https://console.aws.amazon.com/iam/home#users and click the Create user button.
    page1image880193040
  4. Enter a username you wish to create to give access to your bucket and set permissions such as adding the user to a group.
    page2image959500320
    page2image959500320
  5. Review the user details until you see Create user and click it.
    page3image45138880
  6. Click the created user to open it.
    Users IAM Global 2024-06-06 at 1.51.15 AM
  7. Under Security Credentials click the Create access key button.
    page4image48291456
  8. Select AWS access key type:
    Create access key IAM Global 2024-06-06 at 1.55.41 AM
  9. Click next until you see can see the Retrieve access keys part. 
    page5image44096416
    Copy both the Access key and Secret access key into your Solid Backups Amazon S3 Remote Destination settings. You may want to copy them to a file on your computer so that you can enter them later. If you lose these you cannot get them later & will have to generate new keys.
  10. Then, click Done to review details.
    st_backups IAM Global 2024-06-06 at 1.57.00 AM
  11. Click Services at the top of the page like before (refer to Step 2) and then click or search for S3.
    st_backups IAM Global 2024-06-06 at 1.57.35 AM
  12. Click Create bucket.
    S3 buckets S3 ap-southeast-2 2024-06-06 at 1.57.56 AM
  13. Enter the bucket name of your choice in the field provided. Select a region closest to your server. Click the Create button.
    page7image959553264
  14. Go to your Solid Backups AWS (S3) settings page on your site and enter the bucket name in the space provided (do not test/save the Backups settings yet).
  15. Click Services in the upper left corner, and then choose IAM 
    S3 buckets S3 ap-southeast-1 2024-06-06 at 2.02.13 AM
  16. Click Users in the left sidebar, and then click on the user that you just created to open its details.
  17. Under Permissions, click Create inline policy.
    page8image48317360
  18. Choose the S3 service and check the All S3 actions checkbox.
    Create policy IAM Global 2024-06-06 at 2.04.30 AM
  19. Click the 'Resources' section. Then click Add ARN under the bucket section.
    Create policy IAM Global 2024-06-06 at 2.04.43 AM
  20. Enter in the name of the bucket you created earlier, or you can check the checkbox next to 'any' to use any buckets you have created in Amazon S3 previously.
    Create policy IAM Global 2024-06-06 at 2.04.55 AM
  21. Now check the checkbox next to 'any' for objects section.
    Edit policy IAM Global 2024-06-11 at 2.33.25 AM
  22. Review the policy and save.
    Create policy IAM Global 2024-06-06 at 2.05.50 AM
    st_backups IAM Global 2024-06-06 at 2.06.26 AM
  23. Test the settings and once it returns "Test successful", save your AWS S3 destination settings.
    Solid Backups ‹ Destinations ‹ e7ee508278.nxcli.io — WordPress 2024-06-06 at 2.19.12 AM
  24. See the example policy below to see how this should look.
  25. (   "Version": "2012-10-17",
       "Statement": [
                      {
                         "Sid": "VisualEditor0",
                          "Effect": "Allow",
                          "Action": [
                              "s3:*"
                          ],
                          "Resource": [
                              "arn:aws:s3:::*/*",
                              "arn:aws:s3:::YOUR_BUCKET_NAME_HERE"
                          ]
                      }
                  ]
             }
    )

Security Tips

  • You can modify Action permissions to limit user access. For instance to block them from deleting files to make sure backups don't get accidentally deleted or even download backups for ultimate security. For instance, the following would allow uploading backups but prevent users with access to your Solid Backups install from downloading your backups or deleting them. For a full list of actions see http://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html
"Action": [
        "s3:PutObject",
        "s3:ListBucket"
      ]

See also

Have more questions? Submit a request