SD4H wiki

Backing up Object Store: Difference between revisions

Page Discussion

Backing up Object Store (view source)

Revision as of 20:28, 3 June 2025

322 bytes added ,  Tuesday at 20:28
m
Confirm policy applied section added.
m (Slight re-wording of first para. Minor spelling corrections.)
m (Confirm policy applied section added.)
Line 18: Line 18:
Please follow this procedure to request backups of your buckets.  
Please follow this procedure to request backups of your buckets.  


==List bucket==
==Email the list of buckets==


Send a list of buckets to back up to [mailto:juno@calculquebec.ca sd4h support] with the name and ID of the project where the buckets live.
Send a list of buckets to backup to [mailto:juno@calculquebec.ca sd4h support] with the name and ID of the project where the buckets live.


==Give us permission==
==Give us permission==


You need to configure the iam policy statement of '''all the buckets''' you want to back up so your TSM robot user in charge of the backup can access them. Here is the policy that needs to be added.
An iam policy statement must be applied to '''all the buckets''' you want to backup so the TSM robot user in charge of the backup can access them. This can be done with the [https://awscli.amazonaws.com/v2/documentation/api/latest/index.html aws cli].


For example, using the [https://docs.aws.amazon.com/cli/latest/ aws cli], apply the policy on <code>my-bucket</code> using the <code>my-profile</code> identity.  
First, ensure that <code>my-bucket</code> currently has no policy. Check bucket <code>my-bucket</code> using profile <code>my-profile</code> (as defined in ~/.aws/config and ~/.aws/credentials files):


First, we make sure that <code>my-bucket</code> currently has no policy.
<pre>$aws s3api get-bucket-policy --profile c3g-data-repos --bucket my-bucket
 
<pre>$aws s3api --profile my-project  get-bucket-policy --bucket my-bucket


An error occurred (NoSuchBucketPolicy) when calling the GetBucketPolicy operation: The bucket policy does not exist
An error occurred (NoSuchBucketPolicy) when calling the GetBucketPolicy operation: The bucket policy does not exist
</pre>
</pre>


If that command returns something, you need to add the new statement the existing policy. But we are not covering that here.
If that command returns something, the new policy statements must be added to the existing policy (which is not covered here).


Adding policy.json to my-bucket
The following policy.json needs to be applied.
<div class="filename">'''File :''' policy.json </div>
<div class="filename">'''File :''' policy.json </div>
<syntaxhighlight lang=json file=my-policy.json>
<syntaxhighlight lang="json" file="my-policy.json">
{
{
"Statement": [
"Statement": [
Line 51: Line 49:
     "Resource": [
     "Resource": [
       "arn:aws:s3:::my-bucket/*",
       "arn:aws:s3:::my-bucket/*",
       "arn:aws:s3:::my-bycket"
       "arn:aws:s3:::my-bucket"
     ]
     ]
   }
   }
Line 58: Line 56:
</syntaxhighlight>
</syntaxhighlight>


Then loading the policy to the bucket:
Load the policy onto the bucket <code>my-bucket</code> using the profile <code>my-profile</code>


<pre>
<pre>
$aws s3api --profile my-profile  put-bucket-policy --policy file://my-policy.json --bucket my-bucket
$aws s3api put-bucket-policy --policy file://my-policy.json --profile my-profile --bucket my-bucket
</pre>
</pre>
== Confirm policy applied ==
As we did before, request the bucket's IAM policy, ensuring that the contents of policy.json are listed.
$aws s3api get-bucket-policy --profile c3g-data-repos --bucket my-bucket


=Restore Procedure=
=Restore Procedure=
Dbrownlee
12

edits

Retrieved from "https://wiki.c3g-app.sd4h.ca/wiki/Special:MobileDiff/168"