Differences

This shows you the differences between two versions of the page.

Link to this comparison view

amazon_s3 [2012/01/17 09:28]
127.0.0.1 external edit
amazon_s3 [2015/06/01 15:28] (current)
steve
Line 2: Line 2:
  
   * [[s3cmd]]   * [[s3cmd]]
- 
-We have an Amazon account (registered under steve@digitaltrike.com) to access S3, Amazon'​s cloud storage. 
  
   * [[http://​aws.amazon.com/​s3/​pricing/​|Pricing]]   * [[http://​aws.amazon.com/​s3/​pricing/​|Pricing]]
  
-=== Security Policy === 
- 
-There is only one access and one API key regardless of how many buckets ​ you use.  Because of this, do not use any scripts that upload or access the S3 storage on an untrusted server. 
- 
-=== Storage Policy === 
  
 Any data uploaded to Amazon S3 should be first encrypted using [[GPG]]. Any data uploaded to Amazon S3 should be first encrypted using [[GPG]].
- 
-=== Security Access === 
  
 Here's an IAM policy for a new user to upload files to an S3 bucket. Here's an IAM policy for a new user to upload files to an S3 bucket.
Line 24: Line 15:
     "​Effect":​ "​Allow",​     "​Effect":​ "​Allow",​
     "​Action":​ "​s3:​ListBucket",​     "​Action":​ "​s3:​ListBucket",​
-    "​Resource":​ "​arn:​aws:​s3:::​dtrike-backups", ​+    "​Resource":​ "​arn:​aws:​s3:::​steve-backups", ​
     "​Condition":​ {     "​Condition":​ {
     }     }
Line 34: Line 25:
       "​s3:​DeleteObject"​       "​s3:​DeleteObject"​
     ],     ],
-    "​Resource":​ "​arn:​aws:​s3:::​dtrike-backups/​*", ​+    "​Resource":​ "​arn:​aws:​s3:::​steve-backups/​*", ​
     "​Condition":​ {}     "​Condition":​ {}
   } ]   } ]
Line 47: Line 38:
 This is to setup a single bucket and a single user for backups for one server. This is to setup a single bucket and a single user for backups for one server.
  
-First, create an Amazon S3 bucket. ​ Name syntax should be: ''​dtrike-backups-<​server>''​+First, create an Amazon S3 bucket.
  
 Second, create a new IAM user.  Name syntax should be: ''​backups-<​server>'' ​ Generate a user Access Key ID and Secret Access Key and download them.  Add the user to the ''​Backups''​ group (no real reason, other than to keep users organized). Second, create a new IAM user.  Name syntax should be: ''​backups-<​server>'' ​ Generate a user Access Key ID and Secret Access Key and download them.  Add the user to the ''​Backups''​ group (no real reason, other than to keep users organized).