S3
Backup to any
- cloud that supports S3 object storage (tested: AWS, IONOS)
- self hosted S3 backend like Ceph or MinIO (tested: MinIO)
- local NAS
The terminology in S3 is quite different compared to other protocols as S3 is an object storage, not a filesystem.
There are buckets on the top level which contain objects referenced by keys. This keys can contain /
slashes what brings back the “feeling” of directories but /dir/fileA.bkp
and /dir/fileB.bkp
are just two different keys.
Special settings
Path Style mode
The Path Style option is important to understand and configure accordingly.
- Default mode (Path Style off) sets the bucket name as sub-domain like
https://<bucket-name>.endpoint.mycloud.com
. This is used by AWS and other large cloud providers. - With set Path Style mode the bucket name is put into the path instead like
https://endpoint.mycloud.com/<bucket-name>
. This will be used by most local storages and on-premises S3 setups like MinIO.
Example configuration on AWS
Create a user
- Login to your AWS account and create a new user
Direct to the
IAM (Identity and Access Management)
page through the appearing dashboard.
Choose Users in the left menu and click theAdd users
-button.
The 5-step creation process starts by choosing a username.
The appropriate Access Credential Type for AWS S3 is Access key - Programmatic access. Activate the checkbox and move on to the next step.
Permissions can be set in 3 different ways. 1. By adding a user to a predefined group 2. By copying permission from a different user, or 3. By setting policies directly.
If no user or user-group is available yet, choose option 3 and set the AmazonS3FullAccess
policy.
Proceed to the next step: Tags
Tags are used to organize users. They are completly optional and therefore not handled in this documentation.
Review the user settings and Create user
If everything worked out a success message as well as the generated user credentials will show up.
Create a bucket
In a S3 environment a bucket functions as a container to storage data in. Navigate through Services to Storage / S3.
To create a new bucket push the Create bucket
-button.
The configuration will appear. The most basic setup just needs a name and a region.
Advanced settings include various options such as:
- bucket Ownership with multiple AWS accounts
- Public Access to the bucketDo not grant public access to your backup files as anyone could download them!
- Versioning of specific files inside the bucket. It’s better to use the Manage backup generations feature of our backup instead.
- Encryption of stored objects
The encryption option is not necessary, since the Webadmin takes care of encryption and decryption of backup files.
Webadmin S3 configuration
Select backend-type S3 in the Remote Backend / File Listing tab and fill in the necessary credentials.
This is an exmaple AWS configuration.
- Endpoint: For AWS the endpoint URL is structured like:
https://s3.<region>.amazonaws.com
For example:s3.eu-central-1.amazonaws.com
- Port: AWS and most clouds default to the HTTPS port
443
, our default if not set. - Region: The region chosen while creating a AWS bucket. It can be found inside the properties of the bucket.
- Key: The generated user key saved at the end of the user creation
- Secret: The generated user secret saved at the end of the user creation
- Path style: AWS does not require the path style mode to be set, but other cloud providers might do. See Path style mode.
Done
The S3 setup is complete now, so give it a try and click on the Start button. Depending on the size of the database this can take seconds up to minutes. When the backup is done it will show up in the file listing below.