Amazon Simple Storage Service (Amazon S3) is a well-known cloud storage provider. This destination is known to be reliable and works well with Solid Backups. For more information about Amazon S3, visit http://aws.amazon.com/s3/ .
S3 Security Credentials
Here we will walk you through creating IAM Security Credentials and a Security Policy and then attach said Security Policy to your bucket. You will also obtain your security and access keys during this process.
- Log in to the Amazon Web Console at http://console.aws.amazon.com.
- From the top menu select Services, and then click or search for IAM.
- From the left menu select Users or go to https://console.aws.amazon.com/iam/home#users and click the Create user button.
- Enter a username you wish to create to give access to your bucket and set permissions such as adding the user to a group.
- Review the user details until you see Create user and click it.
- Click the created user to open it.
- Under Security Credentials click the Create access key button.
- Select AWS access key type:
- Click next until you see can see the Retrieve access keys part.
- Then, click Done to review details.
- Click Services at the top of the page like before (refer to Step 2) and then click or search for S3.
- Click Create bucket.
- Enter the bucket name of your choice in the field provided. Select a region closest to your server. Click the Create button.
- Go to your Solid Backups AWS (S3) settings page on your site and enter the bucket name in the space provided (do not test/save the Backups settings yet).
- Click Services in the upper left corner, and then choose IAM
- Click Users in the left sidebar, and then click on the user that you just created to open its details.
- Under Permissions, click Create inline policy.
- Choose the S3 service and check the All S3 actions checkbox.
- Click the 'Resources' section. Then click Add ARN under the bucket section.
- Enter in the name of the bucket you created earlier, or you can check the checkbox next to 'any' to use any buckets you have created in Amazon S3 previously.
- Now check the checkbox next to 'any' for objects section.
- Review the policy and save.
- Test the settings and once it returns "Test successful", save your AWS S3 destination settings.
- See the example policy below to see how this should look.
-
( "Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"s3:*"
],
"Resource": [
"arn:aws:s3:::*/*",
"arn:aws:s3:::YOUR_BUCKET_NAME_HERE"
]
}
]
}
)
Security Tips
- You can modify Action permissions to limit user access. For instance to block them from deleting files to make sure backups don't get accidentally deleted or even download backups for ultimate security. For instance, the following would allow uploading backups but prevent users with access to your Solid Backups install from downloading your backups or deleting them. For a full list of actions see http://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html
"Action": [ "s3:PutObject", "s3:ListBucket" ]