Website Backup in your own AWS S3 account

Website Backup in your own AWS S3 account

This article is about keeping your website backup on Amazon Web Services S3. BountySite provides with an addon Backup Sync, which allows to transfer a copy of your website backup to your own AWS account.

In this article, we assume that you already have a BountySite account with backup configured for a site. We will apply for a Free Trial Backup Sync, which as on date, provides a 90 day free offer. Lets quickly get to business.

Create S3 Bucket

AWS Free Tier offers 5GB S3 for first 12 months. If you don't have an account, sign up and create one.

After signing in, go to S3 services(Menu > Storage > S3), and click on Create bucket.

  • Give your bucket a name
  • Region:  Our storage node is in US West Coast, San Francisco.We will choose US East Coast for different geographical zone for data redundancy.
  • Click on Next
Select name and region

Configure options:

  • Choose versioning if you want to keep history of all changes. Every uploaded zip file will be uploaded as a new revision. This could increase your storage space considerably.
  • Choose to encrypt your objects stored in S3. Default AES-256 encryption should be enough.
  • Click on Next.
Configure options

Set permissions: Ensure the defaults(all checked, disallowing public access)

Set public access permissions

Review: Click on create bucket to create a new bucket.

Review your bucket

We have now successfully created a new bucket. Now, we need to create security policy to secure your bucket uploads.

Security Policy

Before creating IAM user key, we will create a new security policy, for the new user. Go to IAM Management Console(Menu > IAM) and click on Policies(from left sidebar). Click on Create policy. Choose tab JSON to directly copy our security policy.

Copy paste the below security policy with few edits:

  • Replace <{bountysitewbkup0192}> with your bucket name, at 2 places. Eg "bountysitewbkup0192"
  • Replace <{x.x.x.x}> with IP of your storage node. Here is how you can get IP address of your storage account. Eg ""
    "Version": "2012-10-17",
    "Statement": [
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": "s3:PutObject",
            "Resource": "arn:aws:s3:::<{bountysitewbkup0192}>/*",
            "Condition": {
                "IpAddress": {
                    "aws:SourceIp": "<{x.x.x.x}>"
            "Sid": "VisualEditor1",
            "Effect": "Allow",
            "Action": "s3:ListBucket",
            "Resource": "arn:aws:s3:::<{bountysitewbkup0192}>"
            "Sid": "VisualEditor2",
            "Effect": "Allow",
            "Action": "s3:HeadBucket",
            "Resource": "*"

Key aspects of the policy:

  • Allow put(upload) to the bucket from BountySite storage node IP only
  • ListBucket: Allow list bucket to be able to read contents needed for uploading
  • HeadBucket: Needed to view bucket

After pasting the JSON, click on Review policy. Enter policy name and description and click on Create policy.

IAM User

Lets create IAM user, for BountySite Backup Sync to upload website backup copy. Go to IAM Management Console(Menu > IAM) and click on Users(from left sidebar).  Click on Add user button.

  • Enter username of your choice
  • Select access type as Programmatic access
Add a new user

Under Set permission, choose Attach existing policies directly. In filter policy search for your policy name, and select to apply this policy. Click on Next: Tags to go to next page.

We don't need to tags, so you can skip to Next: Review. Click on create user to create the user.

Copy Access key ID and secret access key needed to configure Backup Sync in BountySite. The secret access key is available only once from the console. Save it securely using password managers like Keepassx, LastPass. Copy Access Key and secret key.

User add Confirmation

Get Backup Sync

BountySite provides free trial of 90 days, as on date, for Backup Sync. You can order one by visiting Free Trial(Sidemenu > Services > Free Trial) and click on Free Trial. Provisioning of the service is done instantly.

Free Trial apply

You can visit notification page to check provisioning status(Top bar > Notifications > Notifications).


Opening the notification, we get "Package Backup Sync has been provisioned successfully" message.

Let's configure Backup Sync(Sidemenu > Manage Availability > Backup Sync). We need the following information to configure:-

  • URL: The Endpoint URL of your AWS bucket. Refer this link for list of endpoint url for respective regions
  • Bucket: Enter bucket name that was created
  • Backup Sync Access Key: Access key that was created by AWS after creating user
  • Backup Sync Secret Key: Secret key from create user.

Trigger site change

Now, Backup Sync only works when a site is modified, either file or database. Meaning, if the backup finds a change in the site, only then backup copy is created and sent to your public cloud storage account.

The change could be triggered by:-

  • adding/modifying post
  • uploading file with contents
  • modifying file contents
  • changing timestamp by using touch {filename}

In our example, we will add a new line to robots.txt. Now, lets schedule a backup to upload archive file.

Schedule a backup now. Help

Confirm Upload

Incremental backups usually should not take more than 5 minutes. We can check with Backups Logs and also check with AWS S3 console.

BountySite : Backup Log

Backup Log

AWS S3 console


Sign up BountySite today and have your website backup in AWS S3.

Show Comments