Differences
This shows you the differences between two versions of the page.
amazon_s3 [2012/01/17 09:28] 127.0.0.1 external edit |
amazon_s3 [2015/06/01 15:28] steve |
||
---|---|---|---|
Line 2: | Line 2: | ||
* [[s3cmd]] | * [[s3cmd]] | ||
- | |||
- | We have an Amazon account (registered under [email protected]) to access S3, Amazon's cloud storage. | ||
* [[http://aws.amazon.com/s3/pricing/|Pricing]] | * [[http://aws.amazon.com/s3/pricing/|Pricing]] | ||
- | === Security Policy === | ||
- | |||
- | There is only one access and one API key regardless of how many buckets you use. Because of this, do not use any scripts that upload or access the S3 storage on an untrusted server. | ||
- | |||
- | === Storage Policy === | ||
Any data uploaded to Amazon S3 should be first encrypted using [[GPG]]. | Any data uploaded to Amazon S3 should be first encrypted using [[GPG]]. | ||
- | |||
- | === Security Access === | ||
Here's an IAM policy for a new user to upload files to an S3 bucket. | Here's an IAM policy for a new user to upload files to an S3 bucket. | ||
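Review bot: Deleting the Security Policy paragraph ("do not use any scripts that upload or access the S3 storage on an untrusted server") leaves the page with no statement about where credentials may be stored. If the single account-wide key it describes has been superseded by the per-user IAM policy that follows, replace the warning with a sentence saying so rather than removing it outright. The three removed headings also leave the GPG rule and the IAM policy sitting directly under the link list with no section title; keeping at least one heading above them would preserve the page structure.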
Line 24: | Line 15: | ||
"Effect": "Allow", | "Effect": "Allow", | ||
"Action": "s3:ListBucket", | "Action": "s3:ListBucket", | ||
- | "Resource": "arn:aws:s3:::dtrike-backups", | + | "Resource": "arn:aws:s3:::steve-backups", |
"Condition": { | "Condition": { | ||
} | } | ||
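Review bot: The Resource in the s3:ListBucket statement is changed from one fixed bucket name to another ("arn:aws:s3:::steve-backups"), so anyone copying the example still has to edit it by hand and may overlook it. A placeholder such as "arn:aws:s3:::<bucket>", with a sentence telling the reader to substitute the bucket created for their server, would make the policy reusable. Whatever name is used here has to stay identical to the bucket in the object-level Resource of the following statement.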
Line 34: | Line 25: | ||
"s3:DeleteObject" | "s3:DeleteObject" | ||
], | ], | ||
- | "Resource": "arn:aws:s3:::dtrike-backups/*", | + | "Resource": "arn:aws:s3:::steve-backups/*", |
"Condition": {} | "Condition": {} | ||
} ] | } ] | ||
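Review bot: The object-level statement keeps "s3:DeleteObject" in its Action list for "arn:aws:s3:::steve-backups/*", although the page introduces this as a policy for a user that uploads files. Since this revision already touches the statement, consider dropping the delete permission from the example or adding a sentence on why the backup job needs it, so that a leaked key for this user cannot be used to remove existing backups.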
Line 47: | Line 38: | ||
This is to setup a single bucket and a single user for backups for one server. | This is to setup a single bucket and a single user for backups for one server. | ||
- | First, create an Amazon S3 bucket. Name syntax should be: ''dtrike-backups-<server>'' | + | First, create an Amazon S3 bucket. |
Second, create a new IAM user. Name syntax should be: ''backups-<server>'' Generate a user Access Key ID and Secret Access Key and download them. Add the user to the ''Backups'' group (no real reason, other than to keep users organized). | Second, create a new IAM user. Name syntax should be: ''backups-<server>'' Generate a user Access Key ID and Secret Access Key and download them. Add the user to the ''Backups'' group (no real reason, other than to keep users organized). |
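Review bot: The first step loses its bucket naming rule while the second step keeps ''backups-<server>'' for the IAM user, so the page no longer says how the per-server bucket created here relates to the "steve-backups" ARN in the policy above. Either keep a naming rule for the bucket, or add a sentence stating that the policy's two Resource lines must be changed to the bucket created in this step.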