...
These instructions are for Wasabi cloud storage, but any Internet-based S3 service has similar functionality:
Service — If needed, sign up for Wasabi.
Go to wasabi.com and choose Start your free trial.
Follow the on-screen instructions.
Once setup is finished, log in to the Wasabi console.
Bucket — Create a bucket dedicated to backing up your Swarm cluster.
Sign in to the Wasabi console: console.wasabisys.com.
Choose Create bucket.
For Name and region, make your entries:
For Bucket name, enter a DNS compliant name for your new bucket. Buckets cannot be renamed, so choose wisely:
The name must be unique across all existing bucket names in Wasabi S3.
The name must be a valid DNS name, containing only lowercase letters and numbers (and internal periods, hyphens, underscores), between 3 and 64 characters.
(See S3 documentation: Rules for Bucket Naming.)
Tip: For easier identification, incorporate the name of the Swarm cluster this bucket is dedicated to backing up.
For Region, choose the one that is appropriate for your business needs.
For Configure options, take the defaults.
Best practice: Do not enable versioning or logging unless it is required for your organization.
Choose Create, and record the fully qualified bucket name (such as "arn:aws:s3:::remote-bucket") for use later, in policies.
Record these values for configuring your S3 Backup feed in Swarm:
Bucket Name
Region
User — Create a programmatic (non-human/console) user that is dedicated to Swarm access.
On the Wasabi console, select the service IAM (Identity and Access Management), click Users.
Add a dedicated user, such as caringo_backup, to provide Programmatic access for Swarm.
The Wasabi console generates an access key (an access key ID + secret access key), which you must record immediately.
This is the only time that you can view or download the secret access key, so save it in a secure place.
Record the fully qualified user (such as "arn:aws:iam::123456789012:user/caringo_backup") for use later, in policies.
Record these values for configuring your S3 Backup feed in Swarm:
Access Key ID
Secret Access Key
Policies — Create policies on both the user and the bucket so that the programmatic user has exclusive rights to your S3 bucket. You may use the policy generators provided or enter edited versions of the examples below.
Create an IAM policy for this user, allowing it all S3 actions on the backup bucket, which you need to specify as a fully qualified Resource (which you recorded above), starting with arn:aws:s3:::
IAM policy

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:*",
      "Resource": "arn:aws:s3:::example.cluster1.backup"
    }
  ]
}
```
Create a matching bucket policy to grant access to the dedicated backup user, which needs to be specified as a fully qualified Principal, which is the User ARN (which you recorded above) starting with arn:aws:iam::
Using the Policy Generator, be sure to allow all S3 actions for your bucket, using the full ARN name:
Bucket policy

```json
{
  "Id": "Policy1560809845679",
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt1560809828003",
      "Action": "s3:*",
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::example.cluster1.backup",
      "Principal": {
        "AWS": [
          "arn:aws:iam::123456789012:user/caringo_backup"
        ]
      }
    }
  ]
}
```
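The following check is an added example, not part of the original instructions or of Swarm or Wasabi tooling. It verifies that the IAM policy and the bucket policy give the dedicated user exclusive rights: every Resource must stay inside the backup bucket, and the bucket policy must allow only the recorded user ARN. The function name check_backup_policies, the sample misconfiguration and the bucket other-bucket are hypothetical; the bucket naming rule is the one stated on this page.

```python
import copy
import re

# Naming rule as this page states it: 3-64 characters, lowercase letters and
# digits, with periods, hyphens and underscores allowed only in the interior.
NAME_RE = re.compile(r"^[a-z0-9][a-z0-9._-]{1,62}[a-z0-9]$")

def as_list(value):
    """Policy JSON allows a single string wherever a list is accepted."""
    return value if isinstance(value, list) else [value]

def check_backup_policies(iam_policy, bucket_policy, bucket, user_arn):
    """Return findings; an empty list means both policies are scoped to the
    one backup bucket and the bucket policy names only the backup user."""
    findings = []
    if not NAME_RE.match(bucket):
        findings.append(f"bucket name {bucket!r} breaks the naming rule")
    bucket_arn = "arn:aws:s3:::" + bucket
    for label, policy in (("IAM", iam_policy), ("bucket", bucket_policy)):
        for stmt in as_list(policy["Statement"]):
            for res in as_list(stmt.get("Resource", [])):
                # Accept the bucket itself or keys under it, nothing else.
                if res != bucket_arn and not res.startswith(bucket_arn + "/"):
                    findings.append(f"{label} policy: resource {res!r} is outside the backup bucket")
    for stmt in as_list(bucket_policy["Statement"]):
        principal = stmt.get("Principal")
        names = as_list(principal["AWS"]) if isinstance(principal, dict) and "AWS" in principal else [principal]
        if stmt.get("Effect") == "Allow" and names != [user_arn]:
            findings.append(f"bucket policy: Allow principal {names!r} is not only the backup user")
    return findings

# Constructed inputs that reuse the example values shown on this page.
BUCKET = "example.cluster1.backup"
USER_ARN = "arn:aws:iam::123456789012:user/caringo_backup"
IAM_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:*", "Resource": "arn:aws:s3:::" + BUCKET}]}
BUCKET_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:*", "Resource": "arn:aws:s3:::" + BUCKET,
     "Principal": {"AWS": [USER_ARN]}}]}

# Constructed misconfiguration (hypothetical): wildcard principal, second bucket.
OPEN_POLICY = copy.deepcopy(BUCKET_POLICY)
OPEN_POLICY["Statement"][0]["Principal"] = "*"
OPEN_POLICY["Statement"][0]["Resource"] = ["arn:aws:s3:::" + BUCKET, "arn:aws:s3:::other-bucket"]

if __name__ == "__main__":
    print(check_backup_policies(IAM_POLICY, BUCKET_POLICY, BUCKET, USER_ARN))
    for finding in check_backup_policies(IAM_POLICY, OPEN_POLICY, BUCKET, USER_ARN):
        print(finding)
```

Run it against the policy JSON you saved from the Wasabi console before entering the access key in the Swarm S3 Backup feed; any finding means the bucket is reachable by more than the dedicated user or the policy reaches beyond the backup bucket.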
...