Backup to S3 Object ACL Issues

Hey All,

I was wondering if anyone has ever done backups to an s3 bucket that exists in a different AWS account? I’m running into issues with S3 Object ACLs. The files that are being uploaded from AWS Account A to the S3 Bucket in AWS Account B are restricted to the AWS account that uploaded the objects (in this case AWS Account A). The Bucket owner (AWS Account B) does not have permissions to access the files. I spoke with AWS Support and the --acl bucket-owner-full-control parameter needs to be included to give the bucket owner in AWS account B full access to those objects. I there any way to configure this when using the BACKUP command in memsql?

Thanks,
Aaron

Also, can the BACKUP run without including the CREDENTIALS parameter? Or is it possible to just have a bucket policy that gives access to the bucket?

Hi Aaron,

For your first question, currently we do not have the --acl bucket-owner-full-control parameter set when doing the backup. A workaround for this would be to have your policy set, so that any uploads to a bucket give full control to the bucket owner. Amazon has a good example of how to do this here: https://docs.aws.amazon.com/AmazonS3/latest/dev/example-bucket-policies.html#example-bucket-policies-use-case-8

For the second, you can pass empty credentials, however syntactically you still need to provide a credentials parameter, you can do this by just passing ‘{}’ as the credential string.

Modifying the example found in the docs, it would look like this:

BACKUP DATABASE memsql_demo TO S3 "backup_bucket/backups/6_1_2018" CONFIG '{"region":"us-east-1"}' CREDENTIALS '{}'

I hope that helps!
Nate