Amazon S3

Amazon Simple Storage Service (Amazon S3) is a well known cloud storage provider. This destination is known to be reliable and works well with BackupBuddy. For more information about Amazon S3, visit http://aws.amazon.com/s3/ .

S3 Security Credentials

Here we will walk you through creating IAM Security Credentials and a Security Policy and then attach said Security Policy to your bucket. You will also obtain your security and access keys during this process.

  1. Log in to the Amazon Web Console at http://console.aws.amazon.com
  2. From the top menu select "Services", and then click "IAM" under the "Security, Identity, & Compliance" header.
  3. From the left menu select "Users" or go to https://console.aws.amazon.com/iam/home#users
  4. Click the "Add user" button.
  5. Enter a username you wish to create to give access to your bucket. For this example I am entering the username "backupbuddy_test_user".
  6. Under "Select AWS Access Type" check the box beside "Programmatic Access."
  7. Click "Next" until you see "Create User" and click it.
  8. You should see two fields on the screen: "Access key ID" and "Secret access key" The Access Key ID and Secret Access Key you will enter into BackupBuddy when creating the Amazon S3 Remote Destination. You will have to click "Show" in order to see the Secret Access Key. Go to the BackupBuddy Amazon (S3) settings page and enter them in the spaces provided. You may want to copy them to a file on your computer so that you can enter them later. If you lose these you cannot get them later & will have to generate new keys.
  9. Click "Close" to move on.
  10. Click "Services" at the top of the page and then click "S3" under "Storage."
  11. Click "Create Bucket."
  12. Enter the bucket name of your choice in the field provided. Select a region closest to your server. Click the "Create" button.
  13. Go to the BackupBuddy Amazon (S3) settings page and enter the bucket name in the space provided.
  14. Click "Services" in the upper left corner, and then choose "IAM" under the "Security, Identity, & Compliance" header.
  15. Click "Users" in the left sidebar, and then click on the user that you just created to open its details.
  16. Click "Add inline policy".
  17. Click "choose a service". Then select "S3".
  18. Click "Select actions". Then check the checkbox next to "All S3 actions".
  19. Click the "Resources" section. Then click "Add ARN" under the "bucket" section.
  20. Now enter in the name of the bucket you created earlier, or you can check the checkbox next to "any" to use any buckets you have created in Amazon S3 previously. 
  21. Now check the checkbox next to "any" for S3 "objects".
  22. Click the "review policy" button, name your policy, and then click the "Create policy" button. 
  23. You can now test and save your S3 destination within Backupbuddy.
  24. See example policy below to see how this should look.
  25.  (   "Version": "2012-10-17",

              "Statement": [
                  {
                      "Sid": "Stmt1490043098000",
                      "Effect": "Allow",
                      "Action": [
                          "s3:*"
                      ],
                      "Resource": [
                          "arn:aws:s3:::*/*",
                          "arn:aws:s3:::YOUR_BUCKET_NAME_HERE"
                      ]
                  }
              ]
          }

    

Security Tips

  • You can modify Action permissions to limit user access. For instance to block them from deleting files to make sure backups don't get accidentally deleted or even download backups for ultimate security. For instance the following would allow uploading backups but prevent users with access to your BackupBuddy install from downloading your backups or deleting them. For a full list of actions see http://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html
"Action": [
        "s3:PutObject",
        "s3:ListBucket"
      ]

See also

Have more questions? Submit a request
Powered by Zendesk