1

I'm trying to backup server data to S3 but getting no success. Below is the script which I run to start backup on S3.

I have create a user using IAM and have granted all permissions to the user.

 #!/bin/bash

 export AWS_ACCESS_KEY_ID="access key goes here"
 export AWS_SECRET_ACCESS_KEY="secrete key goes here"
 export PASSPHRASE="passphrase goes here"
 duplicity --no-encryption demo/* s3+http://s3.amazonaws.com/[backet-name] &>>       backups.log
 AWS_ACCESS_KEY_ID=""
 AWS_SECRET_ACCESS_KEY=""
 PASSPHRASE=""

Below is the output of the log:

Import of duplicity.backends.dpbxbackend Failed: No module named dropbox
Local and Remote metadata are synchronized, no sync needed.
Last full backup date: none
No signatures found, switching to full backup.
Failed to create bucket (attempt #1) 's3.amazonaws.com' failed (reason: S3ResponseError: S3ResponseError: 403 Forbidden)
maqsimum
  • 61
  • 6
  • 2
    `AWS_ACCESS_KEY_ID=""` `AWS_SECRET_ACCESS_KEY=""` and `PASSPHRASE=""`, and you are surprised that you get `S3ResponseError: 403 Forbidden` back? – user May 20 '15 at 09:50
  • @MichaelKjörling I have put correct keys in the passphrase in my original script, but just adjusted my script here for better readability – maqsimum May 20 '15 at 10:02

1 Answers1

1

You need to adjust user permissions:

Option 1

Add S3 full access permissions to your S3 user.

  • IAM / Users /Permissions and Attach Policy
  • Add policy "AmazonS3FullAccess"

Option 2

Add a custom policy to your user.

Go to your bucket properties and in the Permissions tab, select Add bucket policy then copy this:

{
  "Statement": [
    {
      "Principal": {
          "AWS": "*"
      },
      "Effect": "Allow",
      "Action": "s3:*",
      "Resource": ["arn:aws:s3:::my-bucket-name/*", "arn:aws:s3:::my-bucket-name"]
    }
  ]
}

Replace my-bucket-name with yours and try again. You should be able to upload duplicity backups without problems.

marcanuy
  • 268
  • 1
  • 4
  • 11