Auto webserver and database backup with GPG encryption to Amazon S3

In this tutorial I will show you step-by-step  instructions how to make cheap and secure encrypted backups of you webserver (or any other dir)  files on you linux  server using Amazon Storage Service

Create Bucket and User at Amazon AWS

Some links that we will need

Firstly create an user at Amazon IAM managment console. Don’t forget to set permision – AmazonS3FullAccess. Copy your access and secret keys. You will need it later

Now create a bucket for a backups at Amazon S3. For testing you can leave all settings by default.

Install AWS CLI tools on your server machine

Now you can install Amazon AWS command line interface. For that you will need Python and Pip. If you don’t have it, you can found  a very nice tutorial here .

pip install awscli --upgrade --user

You may need to export path where aws was installed .

# Try
which aws

Add the executable path to your PATH variable: ~/.local/bin

export PATH=~/.local/bin:$PATH
source ~/.bash_profile

Configurate access to Amazon S3. Use your access keys from IAM. Also you will need Amazon region string. You can find it here

aws configure 

AWS Secret Access Key [None]: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY 
Default region name [None]: eu-central-1 
Default output format [None]: json

Now you can test if you can copy any files to your bucket

# show available buckets
aws s3 ls

#copy file to bucket
aws s3 cp test_file.txt s3://mybucketname

Creating Database and Webserver backup with encryption

Create a backup shell script file. If you get an error, try to run with sudo

curl -o /usr/local/bin/

Content of

Set the excecution permision on

chmod +x /usr/local/bin/

Create log file (feel free to change the path) and open  Crontab window

touch /srv/backup/cronlog.log
crontrab -e

Add the following text to the end of crontab file (there is Crontab Generator, where you can easily set your execution schedule).

#crontab does not have path so we add it manualy

#This is crontab entry CRONTAB example. Backup daily at 04:00 AM
0 4 * * * /usr/local/bin/ > /srv/backup/cronlog.log 2>&1

Just in case , test you script

Sure later you may need to decrypt it

gpg --output decrypted.tar.gz --decrypt encrypted.tar.gz.asc

Leave a Reply

Your email address will not be published. Required fields are marked *