Articles in this section

See more

Configure AWS Transfer SFTP for FMOS Backup

Avatar
Nathan Henderson
  • Updated
Follow

Scenario

This procedure is for any client who has a FMOS installation in AWS or on-Prem that would like to be able to transfer backup files to an AWS S3 bucket.  By the end you, will have the ability to designate the AWS transfer server URL as an SFTP target using the public/private key pair for the "fmbackup" user.  Once this is setup, a script can be executed on FMOS to create the remote-sftp.sh script in postbackup.d required to setup the backup transfer.

 

Prerequisites

AWS S3 bucket

IAM permissions to do the following:

  • Create/Edit IAM Policy
  • Create IAM Role
  • Create AWS Transfer Server

AWS Post Backup Preparation Script (Attached)

 

Procedure

Create IAM Policy

IAM_Policy.png

 

Policy > Create Policy

Select Service: S3

Add Actions:

  • ListBucket
  • GetBucketLocation

Resources: Specific

Click "Add ARN"

Bucket Name: <add bucket name>

Click Add/Save Changes

bucket1.png

 

Click "Add additional permissions"

Select Service: S3

Add Actions:

  • GetObject
  • GetObjectVersion
  • DeleteObject
  • DeleteObjectVersion
  • PutObject

Resources: Specific

Click "Add ARN"

Bucket name: <Add bucket name>

Object name: * (Any will automatically be selected)

Click Add/Save Changes

bucket2.png

 

Click "Next: Tags", add tags if needed and click "Next: Review".

Name and click "Create Policy".

 

Create IAM Role

Click Roles

Click "Create Role"

Select AWS Service > Transfer

select_transfer.png

Click "Next: Permissions"

Search for and select the IAM Policy that was created earlier

Click "Next: Tags", add tags if needed and click "Next: Review"

Create role

 

Create Transfer Server

Search for "AWS Transfer Family"

transfer_search.png

Click "Create Server"

Choose Protocols: Select "SFTP"

Next

Identity provider type: "Service Managed"

Next

Endpoint type: Select Public or VPC

Next

Domain: Amazon S3

Next

Configure additional details: Add any settings that are required for your organization

Next

Review and click "Create Server"

 

Obtain "fmbackup" User Public Key from FMOS

Upload the attached "backup-aws.sh" to your "/home/<user>" directory of the server that holds the database role.

Run script "bash backup-aws.sh"

Enter AWS Transfer server FQDN

When the script completes it will cat the public key for the fmbackup user

Copy the public key to notepad for later use

 

Add "fmbackup" user to AWS Transfer Server

Click transfer server to edit

Click "Add user"

Note: Here you will need to add a user called fmbackup selecting the IAM role and policy that was created in a previous step

Choose the S3 bucket

Add the public key that was obtained via script

Save user when complete

Run "fmos backup" from FMOS command line and verify that backup file is in the S3 destination

 

add_fmbackup_access.png

add_fmbackup_key.png

 

 

Related articles

Comments

1 comment

Sort by Date Votes
  • Avatar
    Karla Ledesma
    • Edited

    Hi team, is this still valid for FMOS versions 9.7+ ?

    Also, is the same procedure valid when the FMOS server is also at AWS? 

    Thanks

    0
    Comment actions Permalink

Please sign in to leave a comment.