====== Create encrypted tar backups and store them on the amazon S3 cloud ======

Amazon S3 provides unlimited storage at low prices, which makes it an ideal solution for storing backups. But to make use of it, you need a piece of software that can actually interact with Amazon S3: create buckets, list the contents of a bucket, upload and download files, etc. And aws, a simple command-line utility written in Perl, is the perfect tool for the job. 

===== Perparations =====

Before you proceed, you should install the curl utility. On Ubuntu, you can do this using the sudo apt-get install curl command. Next, grab the latest version of the aws script:

  curl timkay.com/aws/aws -o aws

Make it then executable and copy it to the /usr/bin directory:

  chmod +x aws
  sudo cp ~/aws /usr/bin/

Create then an .awssecret file and open it in a text editor like nano:

  nano .awssecret

Enter your Amazon AWS credentials (the Access Key ID and the Secret Access Key) as follows:

  1B5JYHPQCXW13GWKHAG2
  2GAHKWG3+1wxcqyhpj5b1Ggqc0TIxj21DKkidjfz

Save the file and change its permissions:

  chmod 600 .awssecret

aws is now ready to go. To create a bucket for your backup use the aws mkdir command (replacing BUCKET with the actual name):

  aws mkdir BUCKET

===== Create and upload the backup file =====

Next, create an encrypted tarball of the directory you want to back up using the tar tool:
  tar -zcf - todays_backup|openssl enc -aes-256-cbc -salt -pass pass:yourpassword -out todays_backup.tgz.aes-256-cbc

Finally, upload the created archive to the created bucket:

<code>
aws put BUCKET/dir.tar.gz /path/to/todays_backup.tgz.aes-256-cbc
</code>

The best part is that you don't have to do this manually every time you want to back up a certain directory. Here is a sample script that backs up photos stored on the local hard disk:

<code>
tar -zcf – todays_backup|openssl enc -aes-256-cbc -salt -pass pass:yourpassword -out todays_backup.tgz.aes-256-cbc
aws put BUCKET/todays_backup.tgz.aes-256-cbc /path/to/todays_backup.tgz.aes-256-cbc
</code> 

Replace yourpassword with a password of your own. Keep the password to yourself, and keep it carefully. The above command will generate a file called todays_backup.tgz.aes-256-cbc. This file can only be decompressed using this password.

===== Retrieve and decrypt a backup file =====
Of course, you have to make sure that you can actually retrieve and decrypt your backup files. Test if this works, preferably with a small file:

Retrieve the file from S3:
  aws get BUCKET/todays_backup.tgz.aes-256-cbc 

To extract your protected archive file use the following command:
  # openssl enc -d -aes-256-cbc -in todays_backup.tgz.aes-256-cbc -out todays_backup.tgz

Ref:
  * http://www.linux-magazine.com/Online/Blogs/Productivity-Sauce-Dmitri-s-open-source-blend-of-productive-computing/Perfect-Backup-Solution-with-Amazon-S3-and-aws
  * http://www.simplehelp.net/2009/02/19/adding-encryption-to-protect-your-backups-on-linux/


{{tag>linux tar openssl encryption}}

~~LINKBACK~~
~~DISCUSSION~~