Amazon S3 as secure backup without multiple invoices
https://stackoverflow.com/questions/2881399
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I'm storing copies of database backups on Amazon S3 using the Python Boto library. But I worry that if my web server was hacked, those backups could be deleted using the credentials I need to do the upload.
Ok, so I know you can grant permissions to another Amazon email address, so I can imagine doing that after an upload then removing the original user's write access BUT in this scenario I now end up with 2 accounts and 2 sets of invoices to give to accounts every month.
Is there a solution to this that doesn't require multiple invoices, yet keeps my backups completely independent of my web server. What's the best practice here?
Solution
Just seen that Amazon announced Consolidated Billing to solve this problem.
Are there any other/better solutions?
OTHER TIPS
Also, if you are really worried, there is 'MFA Delete'. (MFA == Multi Factor Authorization)
With MFA - Delete 'on' - which requires versioning, no one can delete files from S3 unless they have a physical key - fob thingy that has a constantly changing number on it that needs to be entered so you can delete the file. Kinda 'secret agent man' - like.
