awsbck

This utility lets you compress a folder and upload it to a AWS S3 bucket, once or periodically.

Disclaimer

This software is young. It is not intended for production use yet. It has not been battle-tested yet.

Use at your own risks!

The CLI options will certainly change, but any breaking change will probably mean an increase in the minor version number as per semver, until it reaches 1.0.0. New features that are backwards-compatible will lead to patch number bumps.

Usage

``` Usage: awsbck [OPTIONS] [FOLDER]

Arguments: [FOLDER] Path to the folder to backup [env: AWSBCK_FOLDER=]

Options: -i, --interval Specify an interval in seconds to run the backup periodically [env: AWSBCKINTERVAL=] -f, --filename The name of the archive that will be uploaded to S3, without extension (optional) [env: AWSBCKFILENAME=] -r, --region The AWS S3 region [env: AWSREGION=] -b, --bucket The AWS S3 bucket name [env: AWSBUCKET=] --id The AWS S3 access key ID [env: AWSACCESSKEYID=] -k, --key The AWS S3 secret access key [env: AWSSECRETACCESSKEY=] -h, --help Print help (see more with '--help') -V, --version Print version ```

CLI arguments take precedence over environment variables.

The --filename option accepts ASCII alphanumeric characters and !-_.*'()/. Other characters will be discarded.

Example

```shell

The .env file in the current directory is read by awsbck

$ cat .env AWSREGION="eu-central-1" AWSACCESSKEYID="YOURKEYID" AWSSECRETACCESS_KEY="yoursecret"

$ awsbck -i 3600 -b mybucket /myfolder ```

Docker example

$ export AWS_REGION="eu-central-1" $ export AWS_ACCESS_KEY_ID="YOUR_KEY_ID" $ export AWS_SECRET_ACCESS_KEY="yoursecret" $ docker run \ --rm \ --mount type=bind,src="$(pwd)"/target,dst=/target,readonly \ -e AWS_REGION -e AWS_ACCESS_KEY_ID -e AWS_SECRET_ACCESS_KEY \ vbersier/awsbck:latest \ -i 3600 -b my_bucket /target

Installation

Prebuilt binaries

Check out the releases for prebuilt binaries.

Cargo

shell $ cargo install awsbck

Docker

This utility is available as a docker image vbersier/awsbck.

There are two tag variants, one running as a non-root user (latest) and one as a root user (root-latest).

This image is particularly useful to backup named volumes in docker. If you encounter problems where the awsbck logs report a permissions problem, then you can try to switch to the root-latest tag.

Below an example of using it with docker compose. In order to make sure the backup happens properly, we can't just copy the db data, as it might be in the middle of a write or other operation. Thus we send the pg_dumpall command and store the resulting dump to a separate volume that we can backup to S3.

```yml

version: '3.2'

volumes: # the first volume is to persist the database raw data database: # this volume will be used to share the dump file with awsbck database-backup:

services: postgresql: image: postgres:14 restart: unless-stopped volumes: - type: volume source: database target: /var/lib/postgresql/data/ - type: volume source: database-backup target: /backup # this service will send a dump command to the postgres container periodically (here 6h) # and store the resulting file in the database-backup volume mounted at /backup postgres-backup: image: docker:cli containername: postgresbackup volumes: - type: bind source: /var/run/docker.sock target: /var/run/docker.sock command: [ '/bin/sh', '-c', 'while true; do sleep 21600; docker exec -t postgres pgdumpall -c -U postgres > /backup/dumpdatabase.sql; done' ] # we mount the backup volume as read-only and back up the SQL dump every 24h awsbck: image: vbersier/awsbck:root-latest # postgres uses UID 999 which can't be accessed as nonroot restart: unless-stopped volumes: - type: volume source: database-backup target: /database readonly: true environment: AWSBCKFOLDER: /database AWSBCKINTERVAL: 86400 AWSREGION: eu-central-1 AWSBUCKET: mybucket AWSACCESSKEYID: $AWSACCESSKEYID AWSSECRETACCESSKEY: $AWSSECRETACCESSKEY ```