Written by Juan Felipe Morales
May 30, 2023
Often when we start using cloud services, in my case AWS, we want to launch a server, perhaps for a WordPress site or some other system that we want to have online. After configuring everything, at the end of the day, we want to back up that system “just in case”. Most likely, what we do is create a user in IAM and add its username and password to our server. Even though we can close many ports and keep the server secure to prevent someone from getting in and stealing our credentials, we should take a better measure and avoid leaving credentials exposed on the server at all. The best approach is to create a role and attach that role to the EC2 instance, with whatever permissions on S3 it needs. There may be cases where we only want to read some data, or save a database, or simply update something. Whatever we want to do, we can give the appropriate permissions from the console.
The first thing you should do is log in to the AWS console with your credentials. Sometimes we may not have the necessary permissions to do this, so check with your administrator if you have sufficient permissions.
In the menu on the left, go to the link that says “Roles” and click on it. A screen similar to the one above will appear, with a blue button that says “Create role”. Click on it.
A screen like the one above will appear, where you will leave “AWS service” as the default and select “EC2” under “Use case”. Click on “Next”.
In the “Add permissions” section, you should add the permissions you need within your server. You can enter “S3” and press Enter to filter the permissions that match the word you entered.
Once the permissions have been filtered, you can click on the permissions you need. In my case, I will give “Full Access to Amazon S3”. Immediately after, click “Next”.
You should assign a name to your role in order to identify it later and click on “Create role” at the bottom. If you want to add a tag to better identify it, you can do so, but this step is optional.
AWS will notify you that your role, whatever its name may be, has been created. And there you have it, we now have a role, but we still need to add it to our EC2 instance. So, let’s continue.
For this, we need to go to EC2 and select the instance where we want to add our role. Select it and then click on “Actions/Security/Modify IAM Role”.
We will be taken to the screen above, where we can modify the role to “MyS3RoleFullAccess” or the name you have given it. Once selected, you can click on the “Update IAM Role” button.
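As an added example (not the author's code), the role can carry a narrower policy than “Full Access to Amazon S3”: the script below generates one that only allows uploading into, and listing, the backup location. The bucket mysite and prefix www are taken from the s3://mysite/www/ destination used by the backup script later in this post; the function names and the policy name BackupWriteOnly are hypothetical.

```shell
# Added example: least-privilege policy for the backup role.
# Assumptions: bucket "mysite" and prefix "www" come from the backup
# script's s3://mysite/www/ target; BackupWriteOnly is a hypothetical name.

# Print an IAM policy that allows uploads under one prefix and listing of
# that prefix, and nothing else (no reads, no deletes, no other buckets).
backup_policy() {
  local bucket="$1" prefix="$2"
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "UploadBackupsOnly",
      "Effect": "Allow",
      "Action": "s3:PutObject",
      "Resource": "arn:aws:s3:::${bucket}/${prefix}/*"
    },
    {
      "Sid": "ListBackupPrefix",
      "Effect": "Allow",
      "Action": "s3:ListBucket",
      "Resource": "arn:aws:s3:::${bucket}",
      "Condition": { "StringLike": { "s3:prefix": "${prefix}/*" } }
    }
  ]
}
EOF
}

# Attach the policy inline to the role. This needs IAM permissions, so run
# it from an administrator's workstation, not from the instance itself.
attach_backup_policy() {
  local role="$1" bucket="$2" prefix="$3"
  aws iam put-role-policy --role-name "$role" \
    --policy-name BackupWriteOnly \
    --policy-document "$(backup_policy "$bucket" "$prefix")"
}

# Usage: attach_backup_policy MyS3RoleFullAccess mysite www
```

With this policy in place of full access, a plain aws s3 ls (which lists every bucket in the account) is denied, while aws s3 ls s3://mysite/www/ still works.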
Once all of this is configured, we can go to our command line console.
If you don’t have the AWS CLI installed, it is important that you install it. Here is the documentation in Spanish in case you don’t know how to do it; the steps will also depend on your operating system.
Installation or update of the latest version of AWS CLI.
In the following image, we run a simple command to list our S3 buckets:
aws s3 ls
If you need more help with the commands you can execute, you can consult the following documentation:
And well, we’re almost done. To recap, we have already configured the role, then added the role to EC2, and we saw that they communicate without any problem. Now we need to create the backup. In my case, I am backing up all the information I have from a WordPress site. This script is very simple and basic, but it does what I need.
So, I will add a file called “backupwww.sh” in the backups folder. You can place it wherever you want, just remember to add sufficient permissions to avoid any issues.
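#!/bin/bash
set -e  # stop on the first error so a failed archive is never uploaded
today=$(date +%Y-%m-%d)  # date stamp for the file name (format is an assumption)
# tar -czf writes a gzip-compressed tar archive, despite the .zip name
tar -czf "mysite_www_$today.zip" /var/www/mysite.com/htdocs/
echo "Backup & Zip www folder $today done! - FILENAME mysite_www_$today.zip"
aws s3 cp "mysite_www_$today.zip" s3://mysite/www/
echo "Sent to S3 mysite_www_$today.zip"
rm -f "mysite_www_$today.zip"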
Once you have created this script, you can execute it as follows:
And it will create a copy of your site and upload it to S3 “as if by magic”.
And that’s how it’s done. If you have any doubts or comments, you can ask them here or send me a tweet at @johntzulik. If you know of any other tools, I would appreciate it if you shared them with me.
Applauding costs nothing. :D
How to create a backup from EC2 and save it on s3? was originally published in 200 Response on Medium, where people are continuing the conversation by highlighting and responding to this story.