S3 Backup Configuration

This page will walk you through basic configuration of S3 Backup.

Amazon S3 Settings

S3 Backup uses your own Amazon S3 account, so you might need to register and activate it first.

Create an Amazon.com account

If you already have an account you use for regular purchases, you can use that. If you don’t or if you want to create a separate account, you can get one here.

Activate Simple Storage Service

If you have used S3 before, you already have it activated. If this is the first time you will be using S3 service with this account, you need to activate it first.

Configure credentials in S3 Backup

When you start S3 Backup for the first time, you will see a window like this:

Look up your S3 Access Key ID and Secret on Amazon website and enter them in that dialog.

You should immediately see if the credentials were accepted:

Create an S3 Bucket

All of your S3 storage is divided into “buckets”. The main reason why you might need to have more than one is to have them in different datacenters. Usually you want to create just one bucket in the datacenter closest to you.

Use the bucket selection box to select a datacenter for the new bucket and enter a name for that bucket. This name is global, so you might find that your name was already taken by somebody else. If that happens, just try a different name. Overall bucket names used for backup do not matter, so this can be anything.

Storage Settings

Encryption settings

S3 Backup provides extremely strong encryption (AES-256 CFB, bcrypt-10 for KDF, see this article for more details). All you need to do is to keep the “Encrypt uploads with AES-256” box checked. By default the data is encrypted with your Amazon Secret Key, but if you want more security, you should set a custom encryption password. Set a checkbox next to “Use custom encryption key” and you will be prompted for a password. Make sure you remember it well, because there’s literally no way to recover your data if you forget it.

In the future you can set a different key by clicking the “Change key” button, but the new password will only apply to your uploads from then on. Previously uploaded data remains encrypted with the password it was originally uploaded with.

If you disable storage encryption, the data will still be protected in-transit (because we use HTTPS encryption and submit Content-MD5 checksums with every request) but will be stored as-is on the S3 side.

Other storage settings

Compression — this compresses all of your uploads with bzip2 which provides decent bandwidth and storage savings for some kinds of data. But if most of your data is images, music or video this option doesn’t make much of a difference.

S3 Redundancy — this is an option that allows you to switch between full and reduced redundancy. Reduced redundancy is cheaper but less reliable. We recommend you to use full redundancy for your backups.

Application Security

You can protect S3 Backup with a password, so that only someone having that password is able to start the app and access backed up data. In older versions this was incompatible with backups running on schedule, but this limitation was removed.

Set the checkbox next to “Protect this application with a password” and you will be asked to provide a password. Next time you start the app you will see that you need to enter that password to access configuration or the data. Once you’re in, you can remove the password by unchecking that box.

If you have encryption enabled, but don’t have custom encryption key configured, the app will use this password in its place.

Other issues

Q: How do I configure a proxy?

S3 Backup uses system-wide proxy settings, so if you have it configured for Internet Explorer, S3 Backup will pick it up automatically.

Q: I remember a checkbox to use HTTPS connections. Is it gone?

Yes, we removed it in version 1.1. S3 Backup now always uses encrypted HTTPS connections. We use a smart connection pooling system, so this adds no overhead and there’s no reason to use the less secure HTTP connections.