AWS S3
Configure Amazon S3 for backup storage.
Store backups in Amazon S3 for reliable, scalable cloud storage.
Prerequisites
- AWS account
- IAM user with S3 access
- S3 bucket created
Create IAM User
- Go to AWS IAM Console
- Click Users > Create user
- Name:
supascale-backups - Select Programmatic access
- Attach policy (see below)
- Save Access Key ID and Secret Access Key
IAM Policy
Create a custom policy with minimum permissions:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:DeleteObject",
"s3:ListBucket"
],
"Resource": [
"arn:aws:s3:::your-bucket-name",
"arn:aws:s3:::your-bucket-name/*"
]
}
]
}
Create S3 Bucket
- Go to S3 Console
- Click Create bucket
- Name:
your-company-supascale-backups - Region: Choose closest to your server
- Enable versioning (recommended)
- Enable server-side encryption
Recommended Settings
- Versioning: Enabled (protect against accidental deletes)
- Encryption: SSE-S3 or SSE-KMS
- Block public access: All enabled
- Lifecycle rules: Auto-delete old versions
Configure in Supascale
Via Web UI
- Navigate to Cloud Storage
- Click Add Provider
- Select AWS S3
- Enter:
- Name: "Production S3"
- Access Key ID
- Secret Access Key
- Region
- Bucket name
- Click Test Connection
- Click Save
Via API
curl -X POST https://supascale.example.com/api/v1/cloud-storage \
-H "X-API-Key: your-api-key" \
-H "Content-Type: application/json" \
-d '{
"name": "Production S3",
"type": "s3",
"isDefault": true,
"s3Config": {
"accessKeyId": "AKIAXXXXXXXXXXXXXXXX",
"secretAccessKey": "your-secret-key",
"region": "us-east-1",
"bucket": "your-bucket-name"
}
}'
Configuration Options
| Option | Required | Description |
|---|---|---|
accessKeyId | Yes | IAM user access key |
secretAccessKey | Yes | IAM user secret key |
region | Yes | AWS region (us-east-1, eu-west-1, etc.) |
bucket | Yes | S3 bucket name |
endpoint | No | Custom endpoint (for S3-compatible) |
pathStyle | No | Use path-style URLs |
S3 Regions
Common regions:
| Region | Location |
|---|---|
us-east-1 | N. Virginia |
us-west-2 | Oregon |
eu-west-1 | Ireland |
eu-central-1 | Frankfurt |
ap-southeast-1 | Singapore |
ap-northeast-1 | Tokyo |
Choose a region close to your server for faster uploads.
Test Connection
Verify configuration works:
curl -X POST https://supascale.example.com/api/v1/cloud-storage/provider-id/test \ -H "X-API-Key: your-api-key"
Response:
{
"success": true,
"message": "Connection successful"
}
Lifecycle Rules
Configure automatic cleanup in S3:
- Go to bucket Management > Lifecycle rules
- Create rule:
- Name: "Delete old backups"
- Scope: Entire bucket or prefix
- Action: Expire current versions
- Days: 90
Example for tiered storage:
- Move to Glacier after 30 days
- Delete after 365 days
Cost Optimization
Storage Classes
| Class | Use Case | Cost |
|---|---|---|
| Standard | Frequent access | $$$ |
| Standard-IA | Infrequent access | $$ |
| Glacier | Long-term archive | $ |
Tips
- Use lifecycle rules to move old backups to cheaper tiers
- Enable S3 Intelligent-Tiering for automatic optimization
- Delete backups you no longer need
- Monitor costs with AWS Cost Explorer
Security
Encryption
Enable server-side encryption:
- SSE-S3: Amazon-managed keys
- SSE-KMS: Customer-managed keys (more control)
Access Control
- Block all public access
- Use IAM policies for access control
- Enable bucket logging for audit trail
- Consider VPC endpoints for private access
Troubleshooting
"Access Denied"
- Verify access key is correct
- Check IAM policy permissions
- Verify bucket name and region
- Check bucket policy doesn't block access
"Bucket not found"
- Verify bucket name spelling
- Confirm bucket exists in specified region
- Check bucket wasn't deleted
"Slow uploads"
- Check network connectivity
- Consider using a closer region
- Enable S3 Transfer Acceleration
- Check for bandwidth limitations