1

I want to use WAL-E to backup my PostgreSQL data to Amazon S3. I am trying to determine if the data is encrypted in transit from Postgres to S3 using SSL/TLS but the documentation is not entirely clear on this point. I see WAL-E uses boto library and I believe by default it uses SSL/TLS but can anybody confirm or tell me how to configure WAL-E to ensure it does use SSL/TLS?

Marco Di Cesare
  • 133
  • 2
  • 7

1 Answers1

0

HTTPS is the default, but you can manually specify the S3 endpoint to force the protocol.

https://github.com/wal-e/wal-e#manually-specifying-the-s3-endpoint

The format is that of:

protocol+convention://hostname:port Where valid protocols are http and https, and conventions are path, virtualhost, and subdomain.

Example:

Turns off encryption and specifies us-west-1 endpoint. 

WALE_S3_ENDPOINT=http+path://s3-us-west-1.amazonaws.com:80

For radosgw. 

WALE_S3_ENDPOINT=http+path://hostname

As seen when using Deis, which uses radosgw. 

WALE_S3_ENDPOINT=http+path://deis-store-gateway:8888
Ben Grimm
  • 4,316
  • 2
  • 15
  • 24
  • 1
    If you have timeout issues - eg connection reset by peer and you are using an S3 region outside the us you need to specify the endpoint like: WALE_S3_ENDPOINT=https+path://s3-eu-west-1.amazonaws.com:443 – Damian Jul 15 '15 at 14:00