Ubuntu 22.04 Backup using Amazon S3 and rclone

From Notes_Wiki


1. Creating 7 Daily Buckets with 6-Day Immutability

Create one bucket per weekday (seven in total, for example with a -mon ... -sun suffix) and repeat the steps below for each of them. Object Lock can only be turned on for a bucket that has Versioning enabled, and a Compliance-mode retention period cannot be shortened or removed by any user, including the account root user, until it expires. The 6-day period is deliberately shorter than the 7-day rotation, so the lock on a day's objects has already run out by the time that bucket is written again.

  • Log in to your AWS account and open the S3 console.
  • Click Create Bucket, enter a unique name, and confirm creation (Object Lock can also be enabled here under the advanced settings, which turns on Versioning automatically).
  • Open the newly created bucket and go to the Properties tab.
  • Under Bucket Versioning, click Enable (required for Object Lock).
  • Scroll to Object Lock, click Edit, and enable it.
  • Enable Default Retention:
      • Choose Compliance mode.
      • Set the retention period to 6 days.
  • Save changes.

The default retention applies only to objects uploaded after it is set; it does not retroactively lock objects already in the bucket. With the lock in place a compromised backup credential can still overwrite an object or delete it (which only adds a delete marker), but it cannot remove the locked version, so the data stays recoverable for the retention period.

2. Writing Lifecycle Policies for Permanent Deletion after Rclone Deletes

In a bucket with Versioning enabled, a delete issued by rclone does not remove anything: S3 inserts a delete marker and keeps the previous version as a noncurrent version, and an overwrite likewise keeps the old version as noncurrent. Storage therefore keeps growing unless a Lifecycle Rule expires these leftovers. To remove them one day after they become noncurrent:

  • Open the AWS S3 Console and your target bucket.
  • Go to the Management tab > Lifecycle Rules > Create Lifecycle Rule.
  • Set a name and choose to apply the rule to all objects in the bucket.
  • Under Lifecycle Rule Actions select:
      • Permanently delete noncurrent versions of objects
      • Delete expired object delete markers or incomplete multipart uploads (tick both)
  • Set the number of days after objects become noncurrent to 1.
  • Click Create Rule.

A lifecycle rule cannot remove a version that is still under Object Lock retention; S3 only expires it once the retention period has passed. With the 6-day lock from section 1 and a 7-day rotation this does not delay cleanup, but a retention period longer than the rotation would.
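The same provisioning done from the command line, as an added example that is not part of the original page: it creates the seven daily buckets with Object Lock and Compliance-mode default retention (section 1) and attaches the lifecycle rule (section 2), then reads the settings back. It assumes AWS CLI v2 configured with credentials that may create and configure buckets; the bucket prefix `nightly-backup-example`, the region and the `purge-after-rclone-delete` rule ID are placeholders chosen for this example.

```shell
#!/bin/sh
# Added example, not from the original page: provision the seven daily buckets
# from section 1 and the lifecycle rule from section 2 with the AWS CLI (v2)
# instead of the console. Assumptions: the CLI is configured with credentials
# allowed to create and configure buckets; BASE and REGION are placeholders.
set -e

BASE="${BASE:-nightly-backup-example}"   # assumed bucket name prefix
REGION="${REGION:-eu-west-1}"            # assumed region
DAYS="mon tue wed thu fri sat sun"       # one bucket per weekday
RETAIN_DAYS=6                            # default retention (section 1)
NONCURRENT_DAYS=1                        # expire noncurrent versions (section 2)

# Object Lock default retention in COMPLIANCE mode: no principal, not even the
# account root user, can shorten or remove it before the period expires.
object_lock_config() {
    printf '{"ObjectLockEnabled":"Enabled","Rule":{"DefaultRetention":{"Mode":"COMPLIANCE","Days":%d}}}' "$1"
}

# Lifecycle rule: expire noncurrent versions $1 days after they become
# noncurrent, drop delete markers that no longer shadow any version, and abort
# multipart uploads left behind by an interrupted rclone run. A version still
# under Object Lock retention is kept until the retention has passed.
lifecycle_config() {
    cat <<EOF
{"Rules":[{"ID":"purge-after-rclone-delete","Status":"Enabled","Filter":{},
  "NoncurrentVersionExpiration":{"NoncurrentDays":$1},
  "Expiration":{"ExpiredObjectDeleteMarker":true},
  "AbortIncompleteMultipartUpload":{"DaysAfterInitiation":$1}}]}
EOF
}

provision_bucket() {
    b="$1"
    # --object-lock-enabled-for-bucket enables Versioning and Object Lock at
    # creation. (In us-east-1 omit --create-bucket-configuration.)
    aws s3api create-bucket --bucket "$b" --region "$REGION" \
        --create-bucket-configuration "LocationConstraint=$REGION" \
        --object-lock-enabled-for-bucket
    aws s3api put-public-access-block --bucket "$b" \
        --public-access-block-configuration \
        "BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true"
    aws s3api put-object-lock-configuration --bucket "$b" \
        --object-lock-configuration "$(object_lock_config "$RETAIN_DAYS")"
    aws s3api put-bucket-lifecycle-configuration --bucket "$b" \
        --lifecycle-configuration "$(lifecycle_config "$NONCURRENT_DAYS")"
}

# Read the settings back: confirms what is actually in effect after a console
# or CLI change, rather than trusting that every checkbox was ticked.
verify_bucket() {
    aws s3api get-object-lock-configuration --bucket "$1" \
        --query 'ObjectLockConfiguration.Rule.DefaultRetention.[Mode,Days]' --output text
    aws s3api get-bucket-lifecycle-configuration --bucket "$1" \
        --query 'Rules[].NoncurrentVersionExpiration.NoncurrentDays' --output text
}

case "${1:-}" in
    provision) for d in $DAYS; do provision_bucket "$BASE-$d"; done ;;
    verify)    for d in $DAYS; do echo "== $BASE-$d"; verify_bucket "$BASE-$d"; done ;;
    *)         : ;;   # no argument: define functions only (safe to source)
esac
```

Run it as `BASE=mybackup REGION=eu-west-1 sh provision.sh provision`, then `sh provision.sh verify`, which should print `COMPLIANCE 6` and `1` for every bucket. Bucket names are global, so a prefix that nobody else has taken is required.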

3. Creating an IAM User with Access to a Single S3 Bucket

Create the User

  • Go to IAM > Users > Add User.
  • Provide a username. Select AWS Management Console access only if this user needs to log into the GUI; rclone authenticates with an access key instead, which you create under the user's Security credentials tab once the user exists.
  • Continue to permissions setup.

Attach a Custom Policy

  • Select Attach policies directly > Create Policy.
  • Switch to the JSON tab and paste the following:
{
	"Version": "2012-10-17",
	"Statement": [
		{
			"Effect": "Allow",
			"Action": [
				"s3:GetBucketLocation",
				"s3:ListAllMyBuckets"
			],
			"Resource": "arn:aws:s3:::*"
		},
		{
			"Effect": "Allow",
			"Action": "s3:*",
			"Resource": [
				"arn:aws:s3:::<Bucket_name>",
				"arn:aws:s3:::<Bucket_name>/*"
			]
		}
	]
}
  • Replace <Bucket_name> with your actual bucket name; for the seven daily buckets list all seven bucket ARNs (and their /* object ARNs) in the Resource array.
  • This allows full access to the specified bucket, but not others. Because s3:* also covers bucket-level configuration (lifecycle rules, bucket policy, public access block and the Object Lock default retention for future uploads), a backup-only credential is better limited to s3:ListBucket and s3:GetBucketLocation on the bucket and s3:GetObject, s3:PutObject and s3:DeleteObject on its objects. Versions already locked in Compliance mode stay protected either way.

Complete User Creation

  • Name and create the policy.
  • Return to the IAM user setup screen.
  • Refresh and attach the new policy.
  • Click Next and then Create User.

Note: Because of s3:ListAllMyBuckets the user can list the names of all buckets in the account, but cannot read, write or delete objects in any bucket other than the one named in the policy.
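The user creation and the nightly rclone run from the command line, as an added example that is not part of the original page. It narrows the policy above to the actions an rclone sync needs, scoped to the seven daily buckets, mints an access key, points an rclone remote at it and syncs into the bucket for today's weekday. It assumes AWS CLI v2 with administrative credentials for the IAM steps and rclone installed; the names `nightly-backup-example`, `rclone-backup`, `s3backup`, `/srv/data` and the region are placeholders chosen for this example. It drops s3:ListAllMyBuckets, which a sync to a named bucket path does not use; add it back only if `rclone lsd` should list buckets.

```shell
#!/bin/sh
# Added example, not from the original page: an IAM user limited to the seven
# daily buckets with only the actions an rclone sync needs, plus the nightly
# rclone run that picks today's bucket. Assumptions: AWS CLI v2 with admin
# credentials for the IAM steps, rclone installed; BASE, REGION, USER_NAME,
# REMOTE and SRC are placeholders chosen for this example.
set -e

BASE="${BASE:-nightly-backup-example}"   # assumed bucket name prefix
REGION="${REGION:-eu-west-1}"            # assumed region
USER_NAME="${USER_NAME:-rclone-backup}"  # assumed IAM user name
REMOTE="${REMOTE:-s3backup}"             # assumed rclone remote name
SRC="${SRC:-/srv/data}"                  # assumed directory to back up
DAYS="mon tue wed thu fri sat sun"

# Bucket for today: the weekday suffix the provisioning step used.
today_bucket() {
    echo "$1-$(LC_ALL=C date +%a | tr 'A-Z' 'a-z')"
}

# Least-privilege policy for rclone sync: list/locate the seven buckets and
# read, write, delete and abort-multipart on their objects. No s3:*, so the
# user cannot change lifecycle, bucket policy, public access block or the
# Object Lock defaults, and no s3:DeleteObjectVersion, so a delete only adds a
# delete marker. Versions under Compliance retention are protected regardless.
backup_policy_json() {
    base="$1"; bucket_arns=""; object_arns=""; sep=""
    for d in $DAYS; do
        bucket_arns="$bucket_arns$sep\"arn:aws:s3:::$base-$d\""
        object_arns="$object_arns$sep\"arn:aws:s3:::$base-$d/*\""
        sep=", "
    done
    cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["s3:ListBucket", "s3:GetBucketLocation"],
      "Resource": [$bucket_arns]
    },
    {
      "Effect": "Allow",
      "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject", "s3:AbortMultipartUpload"],
      "Resource": [$object_arns]
    }
  ]
}
EOF
}

# Create the user, attach the policy inline, and mint an access key for rclone.
# Prints the key ID and secret tab-separated on one line; capture it, do not log it.
create_backup_user() {
    aws iam create-user --user-name "$USER_NAME" >/dev/null
    aws iam put-user-policy --user-name "$USER_NAME" \
        --policy-name "rclone-$BASE" \
        --policy-document "$(backup_policy_json "$BASE")"
    aws iam create-access-key --user-name "$USER_NAME" \
        --query 'AccessKey.[AccessKeyId,SecretAccessKey]' --output text
}

# Point an rclone remote at S3 with that key. rclone stores the secret in its
# config file, so keep ~/.config/rclone/rclone.conf readable by the backup user only.
configure_rclone() {
    rclone config create "$REMOTE" s3 provider=AWS env_auth=false \
        access_key_id="$1" secret_access_key="$2" region="$REGION"
}

# Nightly sync into today's bucket. --s3-no-check-bucket skips the bucket
# existence/creation check, which this user is deliberately not allowed to do.
backup_today() {
    rclone sync "$SRC" "$REMOTE:$(today_bucket "$BASE")" \
        --s3-no-check-bucket --transfers 8 --log-level INFO
}

case "${1:-}" in
    create-user) create_backup_user ;;
    configure)   configure_rclone "$2" "$3" ;;
    backup)      backup_today ;;
    *)           : ;;  # no argument: define functions only (safe to source)
esac
```

Typical use: `sh backup.sh create-user` once (with admin credentials), `sh backup.sh configure <key-id> <secret>` on the Ubuntu host, and `sh backup.sh backup` from a daily cron or systemd timer. Because the policy has no bucket-configuration rights, the key that lives on the backup host cannot weaken the lifecycle rule or the Object Lock settings if the host is compromised.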