tags:

views:

39

answers:

2
+1  Q: 

Amazon S3 as secure backup without multiple invoices

I'm storing copies of database backups on Amazon S3 using the Python Boto library. But I worry that if my web server was hacked, those backups could be deleted using the credentials I need to do the upload.

Ok, so I know you can grant permissions to another Amazon email address, so I can imagine doing that after an upload then removing the original user's write access BUT in this scenario I now end up with 2 accounts and 2 sets of invoices to give to accounts every month.

Is there a solution to this that doesn't require multiple invoices, yet keeps my backups completely independent of my web server. What's the best practice here?

A: 

Just seen that Amazon announced Consolidated Billing to solve this problem.

Are there any other/better solutions?

Tom Viner  2010-05-21 12:00:04
A: 

Also, if you are really worried, there is 'MFA Delete'. (MFA == Multi Factor Authorization)

With MFA - Delete 'on' - which requires versioning, no one can delete files from S3 unless they have a physical key - fob thingy that has a constantly changing number on it that needs to be entered so you can delete the file. Kinda 'secret agent man' - like.

Tom Andersen  2010-05-26 23:35:29
Yeah I saw that, but thought it was total overkill. What I'm still trying to figure out, is how to upload then remove that users permission to delete or overwrite.
Tom Viner  2010-05-27 13:49:08
I believe having the upload copied out to another bucket using a manager user is the only way.
Tom Viner  2010-05-27 15:33:47

related questions

What types of Technologies does Amazon.com use Internally
Max files per directory in S3
What is the best way to backup mysql in s3?
What are best practices for preventing stale CSS and JavaScript
How to upload a file with django (python) and s3?
Can I set the expires header on all objects in an Amazon S3 bucket all at once?
Anyone actually using Mosso Files (Amazon S3 competitor)?
Would an S3 cache module for IIS7 be useful?
Need assistance with diagnosing SOAP packet problem with Amazon S3
Best process for auto-zipping of multiple MP3s
Is it possible to change headers on an S3 object without downloading the entire object.
.NET library or asp.net application for Amazon S3
robocopy, jungledisk file copy problems.
SSH into Amazon EC2 Instance
Can you use Amazon S3 via Flex?
Experiences and tips for programming with and for Amazon's cloud servers/apps/tools?
Amazon - EC2 cost?
Amazon S3 standalone stub server
http PUT a file to S3 presigned URLs using ruby
Is Amazon S3 ready for prime time?
Amazon SimpleDB
Does Amazon S3 fail sometimes?
Is there a way to have index.html functionallity with content hosted on S3?
Delete Amazon S3 buckets?
Do you use Amazons Cloud services for your company?