Amazon S3
We have an Amazon account (registered under [email protected]) to access S3, Amazon's cloud storage.
Security Policy
There is only one access and one API key regardless of how many buckets you use. Because of this, do not run any scripts that upload to or access the S3 storage on an untrusted server.
Storage Policy
Any data uploaded to Amazon S3 should first be encrypted using GPG.
Security Access
Here's an IAM policy for a new user to upload files to an S3 bucket.
{
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:ListBucket",
      "Resource": "arn:aws:s3:::dtrike-backups",
      "Condition": {}
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:PutObject",
        "s3:GetObject",
        "s3:DeleteObject"
      ],
      "Resource": "arn:aws:s3:::dtrike-backups/*",
      "Condition": {}
    }
  ]
}
Creating a Backups Bucket
This sets up a single bucket and a single user for the backups of one server.
First, create an Amazon S3 bucket. Name syntax should be: dtrike-backups-<server>
Second, create a new IAM user. Name syntax should be: backups-<server>
Generate a user Access Key ID and Secret Access Key and download them. Add the user to the Backups group (no real reason, other than to keep users organized).
Third, select the user, change the permissions, and create a user policy. Name the policy the same as the username.
Create a custom policy, and use the example above, renaming the bucket. The permissions will let you upload, download, and delete files on the bucket.
Once that's done, set up either backup-manager or s3cmd to transfer files.
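An added example (not part of the original wiki page): a Python sketch of the naming and policy steps above. It builds the example policy renamed to dtrike-backups-<server> and audits a policy for resources or actions beyond that one bucket. The server name web01, the server-name pattern and the function names are assumptions made for illustration.

```python
import json
import re

# Actions taken from the example policy on this page.
BUCKET_ACTIONS = ["s3:ListBucket"]
OBJECT_ACTIONS = ["s3:PutObject", "s3:GetObject", "s3:DeleteObject"]
# Assumption: server names are short lowercase labels, so the bucket name stays valid.
SERVER_RE = re.compile(r"^[a-z0-9](?:[a-z0-9-]{0,38}[a-z0-9])?$")

def names_for(server):
    """Return (bucket, iam_user) following the page's naming syntax."""
    if not SERVER_RE.match(server):
        raise ValueError(f"unsuitable server name: {server!r}")
    return f"dtrike-backups-{server}", f"backups-{server}"

def build_policy(server):
    """Build the page's example policy with the bucket renamed for one server."""
    bucket, _ = names_for(server)
    return {"Statement": [
        {"Effect": "Allow", "Action": BUCKET_ACTIONS,
         "Resource": f"arn:aws:s3:::{bucket}"},
        {"Effect": "Allow", "Action": OBJECT_ACTIONS,
         "Resource": f"arn:aws:s3:::{bucket}/*"},
    ]}

def audit_policy(policy, server):
    """List findings where a policy allows more than the example does."""
    bucket, _ = names_for(server)
    allowed = {f"arn:aws:s3:::{bucket}": set(BUCKET_ACTIONS),
               f"arn:aws:s3:::{bucket}/*": set(OBJECT_ACTIONS)}
    findings = []
    for i, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt.get("Action", [])
        resources = stmt.get("Resource", [])
        actions = [actions] if isinstance(actions, str) else actions
        resources = [resources] if isinstance(resources, str) else resources
        for res in resources:
            if res not in allowed:
                findings.append(f"statement {i}: resource outside this server's bucket: {res}")
                continue
            for act in actions:
                if act not in allowed[res]:
                    findings.append(f"statement {i}: unexpected action {act} on {res}")
    return findings

if __name__ == "__main__":
    print(json.dumps(build_policy("web01"), indent=2))  # web01 is a constructed name
```

Running audit_policy on the policy text before pasting it into the IAM console catches a bucket that was not renamed or an action list that has grown past upload, download and delete.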