We are implementing database dumping which is straightforward but can be tedious to setup. Here's our setup:
- Create AWS user for db backups (e.g.
db-backups-{{app}}
)- Save credentials in a secure location
- If adding db scrubbing, use a separate user (e.g
db-scrubs-{{app}}
)
- Create bucket for S3 access logging (e.g.
s3-access-log-{{app}}
) - Create consistently named bucket for db dumps (e.g.
db-backups-{{app}}
)- Enable logging to
s3-access-log-{{app}}
with prefix ofdb-backups-{{app}}
- Enable logging to
- Add IAM policy for bucket access
- Select user -> Choose "Add inline policy"