Amazon Simple Storage Service (Amazon S3) is a well known cloud storage provider. This destination is known to be reliable and works well with BackupBuddy. For more information about Amazon S3, visit http://aws.amazon.com/s3/ .
S3 Security Credentials
Here we will walk you through creating IAM Security Credentials and a Security Policy and then attach said Security Policy to your bucket. You will also obtain your security and access keys during this process.
- Log in to the Amazon Web Console at http://console.aws.amazon.com
- From the top menu select "Services", and then click "IAM" under the "Security, Identity, & Compliance" header.
- From the left menu select "Users" or go to https://console.aws.amazon.com/iam/home#users
- Click the "Add user" button.
- Enter a username you wish to create to give access to your bucket. For this example I am entering the username "backupbuddy_test_user".
- Under "Select AWS Access Type" check the box beside "Programmatic Access."
- Click "Next" until you see "Create User" and click it.
- You should see two fields on the screen: "Access key ID" and "Secret access key" The Access Key ID and Secret Access Key you will enter into BackupBuddy when creating the Amazon S3 Remote Destination. You will have to click "Show" in order to see the Secret Access Key. Go to the BackupBuddy Amazon (S3) settings page and enter them in the spaces provided. You may want to copy them to a file on your computer so that you can enter them later. If you lose these you cannot get them later & will have to generate new keys.
- Click "Close" to move on.
- Click "Services" at the top of the page and then click "S3" under "Storage."
- Click "Create Bucket."
- Enter the bucket name of your choice in the field provided. Select a region closest to your server. Click the "Create" button.
- Go to the BackupBuddy Amazon (S3) settings page and enter the bucket name in the space provided.
- Click "Services" in the upper left corner, and then choose "IAM" under the "Security, Identity, & Compliance" header.
- Click "Users" in the left sidebar, and then click on the user that you just created to open its details.
- Click the "Add inline policy" link. Click "Policy Generator" and then click the "Select" button.
- Beside "Effect" click the "Allow" box. Beside "AWS Service" choose "Amazon S3." Beside "Actions" select "All Actions." Beside "Amazon Resource Name" paste the following line including the /*: arn:aws:s3:::YOUR_BUCKET_NAME_HERE/* Please replace "YOUR_BUCKET_NAME_HERE" with the name of the bucket that you created earlier, and click the "Add Statement" button.
- Click the "Next Step" button.
- Under "Resource", copy the ARN line and paste to the next line below it.
- From the newly pasted line remove the /* from the end (should have two identical lines except one has /* at the end, and one does not)
- Add a comma (,) to the end of the first ARN line you copied.
- See example policy below to see how this should look.
- ( "Version": "2012-10-17",
Click "Apply policy" to save the changes. You can now test this S3 destination in BackupBuddy.
- You can modify Action permissions to limit user access. For instance to block them from deleting files to make sure backups don't get accidentally deleted or even download backups for ultimate security. For instance the following would allow uploading backups but prevent users with access to your BackupBuddy install from downloading your backups or deleting them. For a full list of actions see http://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html
"Action": [ "s3:PutObject", "s3:ListBucket" ]