Simple Backup to Amazon S3

A quick guide to backing up on Amazon S3

Ensure you have the AWS command-line utilities downloaded:

# sudo yum install python-pip

# sudo pip install awscli

Configure your credentials

# aws configure

Create your S3 bucket

Create an IAM user

Attach a User Policy granting access to your S3 Bucket


{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Stmt1423022883000",
"Effect": "Allow",
"Action": [
"s3:*"
],
"Resource": [
"arn:aws:s3:::YourBucketName",
"arn:aws:s3:::YourBucketName/*"
]
}
]
}

Attach another User Policy granting access to list all buckets:
{
"Statement": [
{
"Effect": "Allow",
"Action": "s3:ListAllMyBuckets",
"Resource": "arn:aws:s3:::*"
}
]
}

For added protection, you can enable SSE (Server-Side Encryption with Amazon S3).  Go to your bucket in the AWS console, then under Properties->Permissions->Edit Bucket Policy, add the following policy:
{
"Version":"2012-10-17",
"Id":"PutObjPolicy",
"Statement":[{
"Sid":"DenyUnEncryptedObjectUploads",
"Effect":"Deny",
"Principal":"*",
"Action":"s3:PutObject",
"Resource":"arn:aws:s3:::YourBucketName/*",
"Condition":{
"StringNotEquals":{
"s3:x-amz-server-side-encryption":"AES256"
}
}
}
]
}

Now Sync

# aws s3 sync /my/local/directory s3://YourBucketName/

Or sync with SSE

# aws s3 sync –sse /my/local/directory s3://YourBucketName/

 

2 thoughts on “Simple Backup to Amazon S3

  1. I can successfully sync with the command like:
    aws s3 sync –sse /my/local/directory s3://YourBucketName/

    The sse guarantees server side encryption. What is not clear to me if the connection is encrypted. I tried using –ssl flag … but it rejects that. Is the sync connection encrypted?

Leave a Reply

Your email address will not be published. Required fields are marked *