Skip to content

AWS S3

Environment variable

1
BACKUP_PROVIDER="name=aws bucket_name=my_bucket_name bucket_upload_path=my_ogion_instance_1 key_id=AKIAU5JB5UQDL8C3K6UP key_secret=nFTXlO7nsPNNUj59tFE21Py9tOO8fwOtHNsr3YwN region=eu-central-1"

Uses AWS S3 bucket for storing backups.

Note

There can be only one upload provider defined per app, using BACKUP_PROVIDER environemnt variable. It's type is guessed by using name, in this case name=aws. Params must be included in value, splited by single space for example "value1=1 value2=foo".

Params

Name Type Description Default
name string[requried] Must be set literaly to string gcs to use Google Cloud Storage. -
bucket_name string[requried] Your globally unique bucket name. -
bucket_upload_path string[requried] Prefix that every created backup will have, for example if it is equal to my_ogion_instance_1, paths to backups will look like my_ogion_instance_1/your_backup_target_eg_postgresql/file123.zip. Usually this should be something unique for this ogion instance, for example k8s_foo_ogion. -
region string[requried] Bucket region. -
key_id string[requried] IAM user access key id, see Resources below. -
key_secret string[requried] IAM user access key secret, see Resources below. -
max_bandwidth int Max bandwith of file upload that is passed to aws sdk transfer config, see their docs: https://boto3.amazonaws.com/v1/documentation/api/latest/reference/customizations/s3.html#boto3.s3.transfer.TransferConfig. null

Examples

1
2
3
4
5
# 1. Bucket pets-bucket
BACKUP_PROVIDER='name=aws bucket_name=pets-bucket bucket_upload_path=pets_ogion key_id=AKIAU5JB5UQDL8C3K6UP key_secret=nFTXlO7nsPNNUj59tFE21Py9tOO8fwOtHNsr3YwN region=eu-central-1'

# 2. Bucket birds with other region
BACKUP_PROVIDER='name=aws bucket_name=birds bucket_upload_path=birds_ogion key_id=AKIAU5JB5UQDL8C3K6UP key_secret=nFTXlO7nsPNNUj59tFE21Py9tOO8fwOtHNsr3YwN region=us-east-1'

Resources

Bucket and IAM walkthrough

https://docs.aws.amazon.com/AmazonS3/latest/userguide/walkthrough1.html

Giving IAM user required permissions

Assuming your bucket name is my_bucket_name and upload path test-upload-path, 3 permissions are needed for IAM user (s3:ListBucket, s3:PutObject, s3:DeleteObject):

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowList",
      "Effect": "Allow",
      "Action": "s3:ListBucket",
      "Resource": "arn:aws:s3:::my_bucket_name",
      "Condition": {
        "StringLike": {
          "s3:prefix": "test-upload-path/*"
        }
      }
    },
    {
      "Sid": "AllowPutGetDelete",
      "Effect": "Allow",
      "Action": ["s3:PutObject", "s3:DeleteObject"],
      "Resource": "arn:aws:s3:::my_bucket_name/test-upload-path/*"
    }
  ]
}