Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




62 posts

Master Geek


# 253148 29-Jul-2019 14:48
Send private message quote this post

Has anyone got a sample S3 policy to set up a user for Arq?

 

 

It looks like something has changed in Arq since the docs, as I don't see the 'create restricted user' option - just 'change credentials'. And they don't seem to list permissions required anywhere.

Create new topic


62 posts

Master Geek


  # 2285613 30-Jul-2019 11:18
Send private message quote this post

Answering my own question...

 

 

Arq support (fast response!) say the 'Create Restricted IAM User' button is only in the Mac version, not the Windows version. But they also pointed to a doc page I didn't find with a sample policy here:-

 

https://www.arqbackup.com/documentation/pages/create_aws_key_pair.html

 

 

Basically the suggestion is to create a wildcard 'all S3 permissions' policy restricted to just the bucket you are using for backups.

15247 posts

Uber Geek

Trusted
Subscriber

  # 2285656 30-Jul-2019 12:39
Send private message quote this post

Yes, the policy on that page is appropriate. It gives you access to the bucket, the bucket contents, and also to list the buckets in the account. I would create the policy, assign it to a group, then create an IAM user to put into that group. Make sure you use the credentials (access / secret key) of the IAM user not of the root user. The root user shouldn't have keys, and that account should never be used. Create yourself a separate admin account with MFA set up.

 

B2 is easier, and cheaper, but S3 is likely to be more reliable given that data is stored in three data centers and has S3 more features.


 
 
 
 




62 posts

Master Geek


  # 2285732 30-Jul-2019 13:42
Send private message quote this post

All good advice :-)

 

 

I've had Arq > B2 set up for a while now (ultimately to replace CrashPlan) - as you say, very easy to setup, and dead cheap.

 

 

The plan now is to add S3 (Glacier) as a secondary backup.

15247 posts

Uber Geek

Trusted
Subscriber

  # 2285749 30-Jul-2019 14:07
Send private message quote this post

Suggestions:

 

  • Enable encryption inside S3
  • Enable object versioning in S3 to protect against accidental deletion / ransomware
  • Use S3 deep archive class for data files. Make sure you use standard or IA class for things like indexes or files that are changed, because you'll be charged a minimum of 6 months for storage in deep archive class. If Arq doesn't support this you can use a bucket lifecycle rule. I do this for my restic data, everything in the data folder (or something like that) get transitioned to IA class. I don't use Glacier class with backup tools, but I do use it when I upload large amounts of bulk data for backup

Create new topic



Twitter and LinkedIn »



Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Arlo unveils its first video doorbell
Posted 21-Oct-2019 08:27


New Zealand students shortlisted for James Dyson Award
Posted 21-Oct-2019 08:18


Norton LifeLock Launches Norton 360
Posted 21-Oct-2019 08:11


Microsoft New Zealand Partner Awards results
Posted 18-Oct-2019 10:18


Logitech introduces new Made for Google keyboard and mouse devices
Posted 16-Oct-2019 13:36


MATTR launches to accelerate decentralised identity
Posted 16-Oct-2019 10:28


Vodafone X-Squad powers up for customers
Posted 16-Oct-2019 08:15


D Link ANZ launches EXO Smart Mesh Wi Fi Routers with McAfee protection
Posted 15-Oct-2019 11:31


Major Japanese retailer partners with smart New Zealand technology IMAGR
Posted 14-Oct-2019 10:29


Ola pioneers one-time passcode feature to fight rideshare fraud
Posted 14-Oct-2019 10:24


Spark Sport new home of NZC matches from 2020
Posted 10-Oct-2019 09:59


Meet Nola, Noel Leeming's new digital employee
Posted 4-Oct-2019 08:07


Registrations for Sprout Accelerator open for 2020 season
Posted 4-Oct-2019 08:02


Teletrac Navman welcomes AI tech leader Jens Meggers as new President
Posted 4-Oct-2019 07:41


Vodafone makes voice of 4G (VoLTE) official
Posted 4-Oct-2019 07:36



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.