Backup Lite

Backing up your Solodev CMS Lite involves creating an S3 bucket to store all necessary backup files, creating an IAM user for credentialed access, logging in via SSH to the EC2 server, modifying the backup scripts to use your unique credentials, and finally running the backup script itself. Before beginning this process, please take note of these prerequisites:

Prerequisites

• IAM User
  • IAM User ARN
  • IAM User Access Key
  • IAM User Secret Key
• S3 Bucket
• S3 Bucket Name
• EC2 Key Pair
• In order to SSH into the server
• This should be the same Key Pair selected when originally installing the software

Step 1 - Create a New IAM User

1. Within your AWS account, navigate to the "Identity and Access Management (IAM)" dashboard
2. Click on "Users"
3. Click on "Add user"
4. On the "Add user - 1" screen:
1. Give your user a unique name
2. Select "Programmatic access" under Access Type
3. Click on the "Next: Permissions" button to continue
5. On the "Add user - 2" screen:
1. Leave all options set to their defaults under "Set permissions"
2. Leave all options set to their defaults under "Set permissions boundary"
3. Click on the "Next: Review" button to continue
6. On the "Add user - 3" screen:
1. Click on the "Create user" button to continue
7. On the "Add user - 4" screen:
1. Copy/save the "Access key ID" (This will be needed later)
2. Copy/save the "Secret access key" (This will be needed later)
3. Click "Close" to return the the Users screen
8. Click on the user account you just created
9. Copy/save the "User ARN" (This will be needed later)

Step 2 - Create a New S3 Bucket

1. Within your AWS account, navigate to the "Amazon S3" dashboard
2. Click on the "+ Create bucket" button
3. Give your button a DNS-compliant name (all lower case, dashes instead of spaces, etc.)
4. Select the region of your bucket
5. Click the "Next" button to continue
6. On the "Configure options" screen:
1. Configure advanced options (although defaults are recommended)
2. Click "Next" to continue
7. On the "Set permissions" screen:
1. Configure advanced options (although defaults are recommended)
2. Click "Next" to continue
8. Review your options and click on the "Create bucket" button to continue
9. You will return tot he "Amazon S3" dashboard; click on the bucket you just created
10. Under the "Permissions" tab, click on the "Bucket Policy" button
11. Copy and paste the following code into the Bucket policy editor (the following code can also be found the EC2 server for the CMS at "/root/s3-backup-bucket.policy")

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Backup Permssions",
            "Effect": "Allow",
            "Principal": {
                "AWS": [
                    "IAM-USER-ARN"
                ]
            },
            "Action": [
                "s3:PutObject",
                "s3:GetObject"
            ],
            "Resource": "arn:aws:s3:::BUCKET-NAME/*"
        },
        {
            "Sid": "Backup Permssions 2",
            "Effect": "Allow",
            "Principal": {
                "AWS": [
                    "IAM-USER-ARN"
                ]
            },
            "Action": "s3:ListBucket",
            "Resource": "arn:aws:s3:::BUCKET-NAME"
        }
    ]
}

1. Replace all instances of "IAM-USER-ARN" with the User ARN collected in Step 1 - Create a New IAM User
2. Replace all instances of "BUCKET-NAME" with the bucket name you created in Step 2 - Create a New S3 Bucket
3. Once changed, your bucket policy code should look like:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Backup Permssions",
            "Effect": "Allow",
            "Principal": {
                "AWS": [
                    "arn:aws:iam::893612263489:user/solodev-cms-lite-user"
                ]
            },
            "Action": [
                "s3:PutObject",
                "s3:GetObject"
            ],
            "Resource": "arn:aws:s3:::solodev-cms-lite-bucket/*"
        },
        {
            "Sid": "Backup Permssions 2",
            "Effect": "Allow",
            "Principal": {
                "AWS": [
                    "arn:aws:iam::893612263489:user/solodev-cms-lite-user"
                ]
            },
            "Action": "s3:ListBucket",
            "Resource": "arn:aws:s3:::solodev-cms-lite-bucket"
        }
    ]
}

4. Click "Save" to set the new bucket policy
5. If you encounter an error saving, double check that your values have the correct spelling and attributes

Step 3 - Modify the Server's Backup Script

1. Refer to the "SSH Into an EC2 Server" on the Common Tasks & Commands page for instructions on connecting to the server through an SSH client
2. Once connected, assume admin rights by running "sudo bash"
3. Edit the primary backup script located at "/etc/duply/backup/conf" (refer to the "Editing Files on the Server with Vi" on the Common Tasks & Commands page for instructions on how to edit with a SSH client)
1. The lines that need to be updated are located at the bottom of the file:

TARGET='s3+http://BACKUP-BUCKET/backups'
export AWS_ACCESS_KEY_ID=IAM_ACCESS_KEY
export AWS_SECRET_ACCESS_KEY=IAM_SECRET_KEY

2. Change these values to include the bucket name, IAM Access Key, and IAM Secret key created in Step 1 - Create a New IAM User and Step 2 - Create a New S3 Bucket.
3. Once you've made your changes, exit insert mode and save your changes

Step 4 - Take a Backup

1. Refer to the "SSH Into an EC2 Server" on the Common Tasks & Commands page for instructions on connecting to the server through an SSH client
2. Once connected, assume admin rights by running "sudo bash"
3. Run the backup command by typing the following:

/root/backup.sh

4. You will then see confirmation that a backup has occurred
5. You can double check that a backup has occurred by checking the S3 bucket you created in Step 2 - Create a New S3 Bucket