At first glance, S3 is not end-user friendly, as it is primarily geared towards developers and power users. Fortunately, plenty of people have already built tools, such as duplicity, that let power users like myself take advantage of the storage with minimal coding. Duplicity takes care of rsync-style full and incremental backups as well as encryption.
Sign up with Amazon S3
It's a fairly straightforward process. I chose 99.99% Reduced Redundancy Storage to reduce cost. To me, four 9s is good enough since I have other backups available.
Install duplicity on CentOS 5
It is not in the standard repository, but luckily it is in EPEL. After you enable EPEL, the installation itself is quite simple:
#yum -y install duplicity
Generate GPG key
Duplicity can use a GPG key to encrypt the data. I went with RSA key pairs (signing & encryption):
#gpg --expert --gen-key
On a headless server, without a keyboard or mouse, you may not be able to generate enough entropy for the keys. You can do the following to resolve this issue:
#yum -y install rng-utils
#rngd -r /dev/urandom
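After starting rngd, re-run gpg and you should be able to generate the key pairs. Note that rngd here only feeds /dev/urandom output back into the kernel pool so that gpg stops blocking; it does not add fresh entropy, so point -r at a hardware RNG device if the server has one.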
Putting Everything Together
Create a configuration file under /etc/, for example /etc/aws.conf.
Add your AWS access credentials:
AWS_ACCESS_KEY_ID="123"
AWS_SECRET_ACCESS_KEY="323"
Create a cron script, backup2s3.sh:
#!/bin/bash
. /etc/aws.conf
# Only needed if your GPG key has a passphrase
. /etc/passphrase
export AWS_ACCESS_KEY_ID
export AWS_SECRET_ACCESS_KEY
export PASSPHRASE
# Bucket name on S3 must be unique
BUCKET="uniqueName"
# Replace 86181CE8 with your own GPG key ID
duplicity --encrypt-key=86181CE8 --sign-key=86181CE8 /backup/Pictures "s3+http://$BUCKET"
Done! You can verify upload progress using S3 Browser.
A backup is unreliable if we don't test and verify the restore. I will do a couple of tests once I finish the initial upload.
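A hardened variant of the cron script above, as an added example that is not part of the original post: it refuses to source /etc/aws.conf or /etc/passphrase unless each is a regular file owned by the invoking user with no group or other permission bits, and it adds a verify mode built on duplicity's verify command. It assumes GNU stat, that /etc/passphrase defines PASSPHRASE, and the same bucket name and key ID as above; the function names and the backup/verify arguments are made up for this example.

```shell
#!/bin/bash
# Added example: hardened variant of backup2s3.sh (not the original script).
# Assumptions: GNU stat; /etc/passphrase contains PASSPHRASE="...".

# Return 0 only if $1 is a regular, non-symlink file that we own and that
# carries no group/other permission bits (e.g. mode 600 or 400).
check_secret_file() {
    local f="$1" mode
    [ -f "$f" ] && [ ! -L "$f" ] || { echo "$f: not a regular file" >&2; return 1; }
    [ -O "$f" ] || { echo "$f: not owned by the invoking user" >&2; return 1; }
    mode=$(stat -c '%a' "$f") || return 1
    case "$mode" in
        *00) return 0 ;;
        *) echo "$f: mode $mode is open to group/others, run chmod 600" >&2
           return 1 ;;
    esac
}

# Source each secret file only after it passes the check, then export.
load_secrets() {
    local f
    for f in "$@"; do
        check_secret_file "$f" || return 1
        . "$f"
    done
    export AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY PASSPHRASE
}

main() {
    local bucket="uniqueName" key="86181CE8" src="/backup/Pictures"
    load_secrets /etc/aws.conf /etc/passphrase || exit 1
    case "$1" in
        backup) duplicity --encrypt-key="$key" --sign-key="$key" \
                    "$src" "s3+http://$bucket" ;;
        # verify downloads and decrypts the backup and compares it to $src
        verify) duplicity verify "s3+http://$bucket" "$src" ;;
    esac
    local rc=$?
    unset PASSPHRASE AWS_SECRET_ACCESS_KEY   # drop secrets from the environment
    return $rc
}

# Runs only when called as: backup2s3.sh backup | backup2s3.sh verify
case "${1:-}" in backup|verify) main "$1" ;; esac
```

Schedule the verify mode from cron less often than the backup mode, since it downloads the stored data to compare it with the local files.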