So, we all regularly create backups of important data, right? Right. Well, at least I hope you do. For your personal data as well as any company data you are dealing with. It is fairly easy and straightforward to create e.g. a MySQL backup on a server, zip it up and always keep the last 10 days as copies. However, what happens in case your whole server’s disks have an unrecoverable crash?

In that case, it would be convenient to have backups which don’t reside on your server, but somewhere else.

An easy way to do that is using a cloud service such as Amazon AWS S3 to backup your files. You could encrypt them with a password as well to be even more secure, but here I will show you the basics to have a MySQL backup on S3.

Setting up an S3 bucket with lifecycle management

I assume you already have an AWS account and are able to login to AWS - use a search engine before reading on if this is not the case.

  1. Go to S3 and create a new bucket by clicking on “Create bucket”:
    Create a bucket in S3
    Create a new bucket in S3.
  2. Choose a unique name, e.g I chose “fabulous-backup-mp” and create the bucket with the settings which are appropriate for you.
  3. I like to add a lifecycle rule to automatically delete old backups after 14 days. This is found in the bucket under “Management” -> “Lifecycle”. Click “Add lifecycle rule” and expire the current version of an object after 14 days while permanently deleting previous versions after 1 day. This will keep you 14 days of backups without needing to ever manually delete files yourself. Cool, huh?
    Add a lifecycle rule to the bucket.
    Add a lifecycle rule.
    Configure the lifecycle.
    Configure the lifecycle.

Installing the aws cli tool on your server

To be able to interact with AWS, you need to install the AWS cli tool. For Ubuntu this is done using:

pip3 install awscli --upgrade --user

If you want other methods, refer to the installation guide.

Setup an IAM user

The AWS way to access rights of users is IAM. You can create a user which is only able to write to a specific bucket, which I find useful for backups:

  1. Go to IAM in AWS and create a new user.
    Click Add user.
    Click Add user.
  2. Choose a username and make sure to enable programmatic access, so we can use the user in the cli tool later.
    Enable Programmatic access.
    Enable Programmatic access.
  3. Attach a policy to the user to specify that it can access only your previously created S3 bucket.
    First create a new policy, afterwards click the refresh button on the right to select it.
    First create a new policy, afterwards click the refresh button on the right to select it.
    Refer to my complete json below for the policy.
    Refer to my complete json below for the policy.
  4. Remember the Access Key ID and the user secret which we will use in the AWS cli tool.

My policy looks something like this (remember that I named the bucket “fabulous-backup-mp” which you need to replace by your unique bucket name):

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:GetBucketLocation",
                "s3:ListAllMyBuckets"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket"
            ],
            "Resource": [
                "arn:aws:s3:::fabulous-backup-mp"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:GetObject",
                "s3:DeleteObject"
            ],
            "Resource": [
                "arn:aws:s3:::fabulous-backup-mp/*"
            ]
        }
    ]
}

Create a profile of the IAM user on the cli

This is a simple one! Simply use a terminal to enter:

aws configure --profile fabulous-backup

and follow the instructions by entering your previously attained Access Key ID and user secret. You can name the profile however you want, I chose fabulous-backup here, which I will use in the bash script below. Note that you can create several different profiles for different buckets or purposes.

Creating the backup

For the backup creation you can use any tool you like, e.g. you could create a simple bash script which creates the backup and uploads it to the S3 bucket using a cronjob which runs all night. In this case, it looks something like this:

#!/bin/bash
USER=dbUser
DBNAME=dbName
PW=yourpassword
DATE=`date +%Y-%m-%d`
S3_BUCKET=fabulous-backup-mp
AWS_PROFILE=fabulous-backup

echo "Creating backup of $DBNAME."
FILENAME="~/dbBackups/backup.sql.gz"
mysqldump $DBNAME -u $USER -p$PW | gzip -c > $FILENAME

echo "Upload to S3."
/usr/bin/aws s3 cp $FILENAME s3://$S3_BUCKET/backup-$DATE.sql.gz --profile $AWS_PROFILE

I hope you liked this intro of how to create a MySQL database backup to a cloud provider like AWS. Feel free to hit me up, if you have any questions.