S3

Backup to any

  • cloud that supports S3 object storage (tested: AWS, IONOS)
  • self hosted S3 backend like Ceph or MinIO (tested: MinIO)
  • local NAS

The terminology in S3 is quite different compared to other protocols as S3 is an object storage, not a filesystem.

There are buckets on the top level which contain objects referenced by keys. This keys can contain / slashes what brings back the “feeling” of directories but /dir/fileA.bkp and /dir/fileB.bkp are just two different keys.

Special settings

Path Style mode

The Path Style option is important to understand and configure accordingly.

  • Default mode (Path Style off) sets the bucket name as sub-domain like https://<bucket-name>.endpoint.mycloud.com. This is used by AWS and other large cloud providers.
  • With set Path Style mode the bucket name is put into the path instead like https://endpoint.mycloud.com/<bucket-name>. This will be used by most local storages and on-premises S3 setups like MinIO.
If you experience issues with certain cloud providers or local S3 storages, please reach out to us.

Example configuration on AWS

Create a user

  1. Login to your AWS account and create a new user Direct to the IAM (Identity and Access Management) page through the appearing dashboard.
    image

    Choose Users in the left menu and click the Add users-button.

The 5-step creation process starts by choosing a username.

image

The appropriate Access Credential Type for AWS S3 is Access key - Programmatic access. Activate the checkbox and move on to the next step.

Permissions can be set in 3 different ways. 1. By adding a user to a predefined group 2. By copying permission from a different user, or 3. By setting policies directly.

If no user or user-group is available yet, choose option 3 and set the AmazonS3FullAccess policy.

image

Proceed to the next step: Tags

Tags are used to organize users. They are completly optional and therefore not handled in this documentation.

image

Review the user settings and Create user

image

If everything worked out a success message as well as the generated user credentials will show up.

Create a bucket

In a S3 environment a bucket functions as a container to storage data in. Navigate through Services to Storage / S3.

image

To create a new bucket push the Create bucket-button.

image
The configuration will appear. The most basic setup just needs a name and a region.

Advanced settings include various options such as:

  • bucket Ownership with multiple AWS accounts
  • Public Access to the bucket
  • Versioning of specific files inside the bucket. It’s better to use the Manage backup generations feature of our backup instead.
  • Encryption of stored objects
    The encryption option is not necessary, since the Webadmin takes care of encryption and decryption of backup files.

Webadmin S3 configuration

Select backend-type S3 in the Remote Backend / File Listing tab and fill in the necessary credentials.

image

This is an exmaple AWS configuration.

  • Endpoint: For AWS the endpoint URL is structured like: https://s3.<region>.amazonaws.com For example: s3.eu-central-1.amazonaws.com
  • Port: AWS and most clouds default to the HTTPS port 443, our default if not set.
  • Region: The region chosen while creating a AWS bucket. It can be found inside the properties of the bucket.
    image
  • Key: The generated user key saved at the end of the user creation
  • Secret: The generated user secret saved at the end of the user creation
  • Path style: AWS does not require the path style mode to be set, but other cloud providers might do. See Path style mode.

Done

The S3 setup is complete now, so give it a try and click on the Start button. Depending on the size of the database this can take seconds up to minutes. When the backup is done it will show up in the file listing below.