Skip to content

S3

Environment variable

1
BACKUP_PROVIDER="name=s3 bucket_name=my_bucket_name bucket_upload_path=my_ogion_instance_1 access_key=AKIAU5JB5UQDL8C3K6UP secret_key=nFTXlO7nsPNNUj59tFE21Py9tOO8fwOtHNsr3YwN region=eu-central-1"

Uses S3 bucket for storing backups (by default AWS but own instance can be specified eg. Minio).

Note

There can be only one upload provider defined per app, using BACKUP_PROVIDER environemnt variable. It's type is guessed by using name, in this case name=s3. Params must be included in value, splited by single space for example "value1=1 value2=foo".

Params

Name Type Description Default
name string[requried] Must be set literaly to string s3 to use S3. -
bucket_name string[requried] Your globally unique bucket name. -
bucket_upload_path string[requried] Prefix that every created backup will have, for example if it is equal to my_ogion_instance_1, paths to backups will look like my_ogion_instance_1/your_backup_target_eg_postgresql/file123.age. Usually this should be something unique for this ogion instance, for example k8s_foo_ogion. -
endpoint string S3 endpoint. s3.amazonaws.com
secure string If set to false, connect to endpoint under http. true
region string Bucket region. null
access_key string User access key id, see Resources below. null
secret_key string User access key secret, see Resources below. null

Examples

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
# 1. AWS Bucket pets-bucket
BACKUP_PROVIDER='name=s3 bucket_name=pets-bucket bucket_upload_path=pets_ogion access_key=AKIAU5JB5UQDL8C3K6UP secret_key=nFTXlO7nsPNNUj59tFE21Py9tOO8fwOtHNsr3YwN region=eu-central-1'

# 2. AWS Bucket birds with other region
BACKUP_PROVIDER='name=s3 bucket_name=birds bucket_upload_path=birds_ogion access_key=AKIAU5JB5UQDL8C3K6UP secret_key=nFTXlO7nsPNNUj59tFE21Py9tOO8fwOtHNsr3YwN region=us-east-1'

# 3. Min.io instance 
BACKUP_PROVIDER='name=s3 endpoint=my-min.io.com bucket_name=pets-bucket bucket_upload_path=pets_ogion access_key=AKIAU5JB5UQDL8C3K6UP secret_key=nFTXlO7nsPNNUj59tFE21Py9tOO8fwOtHNsr3YwN region=default'

# 4. Min.io localhost instance under http and no auth
BACKUP_PROVIDER='name=s3 endpoint=localhost:9000 bucket_name=pets-bucket bucket_upload_path=pets_ogion secure=false'

Resources

Bucket and IAM walkthrough

https://docs.aws.amazon.com/AmazonS3/latest/userguide/walkthrough1.html

Giving IAM user required permissions

Assuming your bucket name is my_bucket_name and upload path test-upload-path, 3 permissions are needed for IAM user (s3:ListBucket, s3:PutObject, s3:DeleteObject):

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowList",
      "Effect": "Allow",
      "Action": "s3:ListBucket",
      "Resource": "arn:aws:s3:::my_bucket_name",
      "Condition": {
        "StringLike": {
          "s3:prefix": "test-upload-path/*"
        }
      }
    },
    {
      "Sid": "AllowPutGetDelete",
      "Effect": "Allow",
      "Action": ["s3:PutObject", "s3:DeleteObject"],
      "Resource": "arn:aws:s3:::my_bucket_name/test-upload-path/*"
    }
  ]
}