Amazon S3
Any data uploaded to Amazon S3 should first be encrypted using GPG.
Here's an IAM policy for a new user to upload files to an S3 bucket.
{
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:ListBucket",
      "Resource": "arn:aws:s3:::steve-backups",
      "Condition": {}
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:PutObject",
        "s3:GetObject",
        "s3:DeleteObject"
      ],
      "Resource": "arn:aws:s3:::steve-backups/*",
      "Condition": {}
    }
  ]
}
Creating a Backups Bucket
This sets up a single bucket and a single user for backups for one server.
First, create an Amazon S3 bucket.
Second, create a new IAM user. Name syntax should be: backups-<server>
Generate a user Access Key ID and Secret Access Key and download them. Add the user to the Backups
group (no real reason, other than to keep users organized).
Third, select the user, change the permissions, and create a user policy. Name the policy the same as the username.
Create a custom policy, and use the example above, renaming the bucket. The permissions will let you upload, download, and delete files on the bucket.
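The same steps can be scripted with the AWS CLI. This is an added example, not part of the original page; the function names, the bucket name argument, and the assumption that the Backups group already exists and that the CLI runs with administrative credentials are all illustrative.

```shell
#!/bin/sh
# Added example, not from the original page: the console steps as AWS CLI calls.
# Assumes admin AWS CLI credentials and an existing "Backups" IAM group.

# Accept only S3-legal names (3-63 chars of a-z, 0-9, '.', '-') so a value
# such as '*' can never widen the Resource ARNs in the policy.
valid_bucket_name() {
  case "$1" in
    ""|*[!a-z0-9.-]*) return 1 ;;
  esac
  [ "${#1}" -ge 3 ] && [ "${#1}" -le 63 ]
}

# Print the page's policy with the bucket renamed to $1.
render_policy() {
  cat <<EOF
{
  "Statement": [
    { "Effect": "Allow", "Action": "s3:ListBucket",
      "Resource": "arn:aws:s3:::$1", "Condition": {} },
    { "Effect": "Allow",
      "Action": [ "s3:PutObject", "s3:GetObject", "s3:DeleteObject" ],
      "Resource": "arn:aws:s3:::$1/*", "Condition": {} }
  ]
}
EOF
}

# provision <server> <bucket>: bucket, user backups-<server>, group, policy, key.
provision() {
  server="$1"; bucket="$2"; user="backups-$server"
  valid_bucket_name "$bucket" || { echo "invalid bucket name: $bucket" >&2; return 1; }
  policy_file=$(mktemp) || return 1
  render_policy "$bucket" > "$policy_file"
  # Outside us-east-1, create-bucket also needs --create-bucket-configuration.
  # The key is created last; its output shows the Secret Access Key only once.
  aws s3api create-bucket --bucket "$bucket" &&
  aws iam create-user --user-name "$user" &&
  aws iam add-user-to-group --group-name Backups --user-name "$user" &&
  aws iam put-user-policy --user-name "$user" --policy-name "$user" \
      --policy-document "file://$policy_file" &&
  aws iam create-access-key --user-name "$user"
  rc=$?
  rm -f "$policy_file"
  return "$rc"
}

# Runs only when invoked as: sh provision.sh <server> <bucket>
if [ "$#" -eq 2 ]; then provision "$1" "$2"; fi
```

Running `render_policy <bucket>` on its own prints the policy for review before anything is created.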
Once that's done, set up either backup-manager or s3cmd to transfer files.