====== Amazon S3 ======

  * [[s3cmd]]

  * [[http://aws.amazon.com/s3/pricing/|Pricing]]


Any data uploaded to Amazon S3 should be first encrypted using [[GPG]].

Here's an IAM policy for a new user to upload files to an S3 bucket.

<code>
{
  "Statement": [ {
    "Effect": "Allow",
    "Action": "s3:ListBucket",
    "Resource": "arn:aws:s3:::steve-backups", 
    "Condition": {
    }
  }, {
    "Effect": "Allow",
    "Action": [ 
      "s3:PutObject",
      "s3:GetObject",
      "s3:DeleteObject"
    ],
    "Resource": "arn:aws:s3:::steve-backups/*", 
    "Condition": {}
  } ]
}

</code>

=== Creating a Backups Bucket ===

  * [[https://console.aws.amazon.com/iam/home#s=Users|Amazon IAM Users]]

This is to setup a single bucket and a single user for backups for one server.

First, create an Amazon S3 bucket.

Second, create a new IAM user.  Name syntax should be: ''backups-<server>''  Generate a user Access Key ID and Secret Access Key and download them.  Add the user to the ''Backups'' group (no real reason, other than to keep users organized).

Third, select the user, change the permissions, and create a user policy.  Name the policy the same as the username.

Create a custom policy, and use the example above, renaming the bucket.  The permissions will let you upload, download, and delete files on the bucket.

Once that's done, setup either [[backup-manager]] or [[s3cmd]] to transfer files.