Ubuntu 22.04 Backup using Amazon S3 and rclone
From Notes_Wiki
1. Creating 7 Daily Buckets with 6-Day Immutability
- Log in to your AWS account and open the S3 console.
- Click Create Bucket, enter a unique name, and confirm creation.
- Open the newly created bucket and go to the Properties tab.
- Under Bucket Versioning, click Enable (required for object lock).
- Scroll to Object Lock, click Edit, and enable it.
- Enable Default Retention:
  - Choose Compliance mode.
  - Set retention period to 6 days.
- Save changes.
2. Writing Lifecycle Policies for Permanent Deletion after Rclone Deletes
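When rclone deletes objects from an S3 bucket that has Versioning enabled, AWS retains them as "deleted objects": the previous version becomes noncurrent and a delete marker is placed on top of it. To permanently remove them after 1 day, a Lifecycle Policy must be created. Versions still under the Object Lock retention set in section 1 are only removed once that retention has expired.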
- Open the AWS S3 Console and your target bucket.
- Go to the Management tab > Lifecycle Rules > Create Lifecycle Rule.
- Set a name and choose to apply the rule to all objects.
- Under Lifecycle Rule Actions, select the following actions:
  - Permanently delete noncurrent versions of objects
  - Delete expired object delete markers or incomplete multipart uploads
- Set "Days after object deletion" to 1.
- Click Create Rule.
3. Creating an IAM User with Access to a Single S3 Bucket
Create the User
- Go to IAM > Users > Add User.
- Provide a username and select AWS Management Console access (for GUI access).
- Continue to permissions setup.
Attach a Custom Policy
- Select Attach policies directly > Create Policy.
- Switch to the JSON tab and paste the following:
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": [
            "s3:GetBucketLocation",
            "s3:ListAllMyBuckets"
          ],
          "Resource": "arn:aws:s3:::*"
        },
        {
          "Effect": "Allow",
          "Action": "s3:*",
          "Resource": [
            "arn:aws:s3:::<Bucket_name>",
            "arn:aws:s3:::<Bucket_name>/*"
          ]
        }
      ]
    }
- Replace <Bucket_name> with your actual bucket name.
- This allows full access to the specified bucket, but not others.
Step 3: Complete User Creation
- Name and create the policy.
- Return to the IAM user setup screen.
- Refresh and attach the new policy.
- Click Next and then Create User.
Note: The user will see names of other buckets but cannot access their data or delete them.
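The policy in this section grants s3:* on the bucket, which also covers bucket-administration actions that a backup job never uses. The following is an added example, not part of the original page: it evaluates the page's policy next to a narrower variant. The bucket name example-backup-bucket is a constructed placeholder, the narrow action list is an assumption based on the minimal-permissions example in the rclone S3 documentation, and the matcher models Allow statements only.

```python
from fnmatch import fnmatchcase

BUCKET = "example-backup-bucket"  # constructed stand-in for <Bucket_name>
ARN = f"arn:aws:s3:::{BUCKET}"

# The policy from the page, with the placeholder filled in.
PAGE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow",
     "Action": ["s3:GetBucketLocation", "s3:ListAllMyBuckets"],
     "Resource": "arn:aws:s3:::*"},
    {"Effect": "Allow", "Action": "s3:*", "Resource": [ARN, f"{ARN}/*"]},
]}

# Narrower variant (assumption: action list follows the minimal-permissions
# example in the rclone S3 documentation).
NARROW_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:ListAllMyBuckets",
     "Resource": "arn:aws:s3:::*"},
    {"Effect": "Allow",
     "Action": ["s3:ListBucket", "s3:GetObject", "s3:PutObject",
                "s3:DeleteObject", "s3:PutObjectAcl"],
     "Resource": [ARN, f"{ARN}/*"]},
]}

# Bucket-administration actions a backup writer has no need for.
ADMIN_ACTIONS = ["s3:DeleteBucket", "s3:PutBucketPolicy",
                 "s3:PutLifecycleConfiguration", "s3:PutBucketVersioning"]

def _as_list(value):
    return value if isinstance(value, list) else [value]

def allowed(policy, action, resource):
    """True if an Allow statement matches (Deny and Condition are not modelled)."""
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Allow":
            continue
        act_ok = any(fnmatchcase(action.lower(), a.lower())
                     for a in _as_list(stmt["Action"]))
        res_ok = any(fnmatchcase(resource, r) for r in _as_list(stmt["Resource"]))
        if act_ok and res_ok:
            return True
    return False

def admin_grants(policy):
    """Administrative actions the policy allows on the backup bucket itself."""
    return [a for a in ADMIN_ACTIONS if allowed(policy, a, ARN)]

if __name__ == "__main__":
    for name, pol in (("page", PAGE_POLICY), ("narrow", NARROW_POLICY)):
        print(name, "admin actions allowed:", admin_grants(pol))
```

With the page's policy, the backup credentials can change the lifecycle rule and versioning state of the bucket they write to; with the narrower variant they cannot.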
Step 4: Install rclone
Fetch and unpack
    # apt install curl unzip -y
    # sudo -v ; curl https://rclone.org/install.sh | sudo bash
    # curl -O https://downloads.rclone.org/rclone-current-linux-amd64.zip
    # unzip rclone-current-linux-amd64.zip
    # cd rclone-*-linux-amd64
Copy binary file
    # sudo cp rclone /usr/bin/
    # sudo chown root:root /usr/bin/rclone
    # sudo chmod 755 /usr/bin/rclone
Install manpage
    # sudo mkdir -p /usr/local/share/man/man1
    # sudo cp rclone.1 /usr/local/share/man/man1/
    # sudo mandb
Step 5: Configure rclone
Setup rclone
# rclone config
Make new remote
    No remotes found, make a new one?
    n) New remote
    s) Set configuration password
    q) Quit config
    n/s/q> n
Give a name
    Enter name for new remote.
    name> S3
Choose S3
    Option Storage.
    Type of storage to configure.
    Choose a number from below, or type in your own value.
     4 / Amazon S3 Compliant Storage Providers including AWS, Alibaba, ArvanCloud, Ceph, ChinaMobile, Cloudflare, DigitalOcean, Dreamhost, GCS, HuaweiOBS, IBMCOS, IDrive, IONOS, LyveCloud, Leviia, Liara, Linode, Magalu, Minio, Netease, Outscale, Petabox, RackCorp, Rclone, Scaleway, SeaweedFS, Selectel, StackPath, Storj, Synology, TencentCOS, Wasabi, Qiniu and others
    Storage> 4
Choose the S3 provider
    Option provider.
    Choose your S3 provider.
    Choose a number from below, or type in your own value.
    Press Enter to leave empty.
     1 / Amazon Web Services (AWS) S3
       \ (AWS)
    provider> 1