BackupBuddy Remote Destinations: Amazon S3

From iThemes Codex
Revision as of 00:38, 14 May 2015 by Dustin (talk | contribs) (S3 Security Credentials)
Jump to: navigation, search

Amazon Simple Storage Service (Amazon S3) is a well known cloud storage provider. This destination is known to be reliable and works well with BackupBuddy. For more information about Amazon S3, visit

Adding Amazon S3 as a Remote Destination

  1. Once on the Remote Destinations page, click the +Add New button to add your Amazon S3 destination.


  2. In the Add New Destination window, add the following information:


    1. Destination name - Name of the new destination to create. This is for your convenience only.
    2. AWS access key - [Example: BSEGHGSDEUOXSQOPGSBE] - Log in to your Amazon S3 AWS Account and navigate to Account: Access Credentials: Security Credentials
    3. AWS secret key - [Example: GHOIDDWE56SDSAZXMOPR] - Log in to your Amazon S3 AWS Account and navigate to Account: Access Credentials: Security Credentials.
    4. Bucket name - [Example: wordpress_backups] - This bucket will be created for you automatically if it does not already exist. Bucket names must be globally unique amongst all Amazon S3 users.
    5. Directory - [Example: backupbuddy] - Directory name to place the backup within.
    6. Archive limit - [Example: 5] - Enter 0 for no limit. This is the maximum number of archives to be stored in this specific destination. If this limit is met the oldest backups will be deleted.
    7. Encrypt connection - [Default: enabled] - When enabled, all transfers will be encrypted with SSL encryption. Please note that encryption introduces overhead and may slow down the transfer. If Amazon S3 sends are failing try disabling this feature to speed up the process. Note that 32-bit servers cannot encrypt transfers of 2GB or larger with SSL, causing large file transfers to fail.

  3. Once you've entered all of your settings, you'll want to test your settings before adding the destination.

  4. Your new location will now show on the Remote Destinations page in BackupBuddy. If you need to change your settings, click the gear symbol to the right of the destination.


S3 Security Credentials

Here we will walk you through creating IAM Security Credentials and a Security Policy and then attach said Security Policy to your bucket.

  1. Log in to the Amazon Web Console at
  2. From the top menu select "Services" then click "IAM".
  3. From the left menu select "Users" or go to
  4. Click the "Create New Users" button.
  5. Enter a username you wish to create to give access to your bucket. For this example I am entering the username "backupbuddy_test_user".
  6. Click "Show User Security Credentials" to display them.
  7. These are the access keys you will enter into BackupBuddy when creating the Amazon S3 Remote Destination. Enter them now into BackupBuddy, copy them, or download them for entering later. If you lose these you cannot get them later & will have to generate new keys.
  8. Click "Close" twice to move on.
  9. Click the username you just created to open its details.
  10. Copy the following Security Policy into your favorite text editor or note taking app/site such as Notepad, TextEdit, Typity, Sublime Text 2, etc:
    	"Version": "2012-10-17",
    	"Statement": [
    			"Effect": "Allow",
    			"Principal": {
    				"AWS": [
    			"Action": "s3:*",
    			"Resource": [
  11. Copy the text to the right of "User ARN". It will look something like arn:aws:iam::193065484832:user/backupbuddy_test_user
  12. Paste this "User Arn" replacing "YOUR_USER_ARN_HERE" in the Security Policy above that you pasted into your text editor.
  13. Replace "YOUR_BUCKET_NAME_HERE" with the name of your Amazon S3 Bucket you want to grant this user access to.
  14. From the top menu select "Services" then click "S3" or go to
  15. Click the bucket you want to grant access to.
  16. At the upper right, make sure the "Properties" tab/button is selected so you see bucket details on the right.
  17. Expand "Permissions" and click "Edit bucket policy".
  18. Paste the Security Policy from your text editor (that big chunk of text you put your user ARN and bucket name in from above) in this box.
  19. Click "Save".
  20. You can now test this S3 destination in BackupBuddy.
  21. Security Tips

    • You can grant multiple users access to the bucket by adding additional User ARNs into the policy, separated by commas. This lets you easily delete users or remove their access in the future.
    • You can modify Action permissions to limit user access. For instance to block them from deleting files to make sure backups don't get accidentally deleted or even download backups for ultimate security. For instance the following would allow uploading backups but prevent users with access to your BackupBuddy install from downloading your backups or deleting them. For a full list of actions see
    "Action": [

    See also

    ← Back to BackupBuddy Codex Home