How do I export an ElastiCache for Redis backup to Amazon S3?

3 minute read
0

I want to export my Amazon ElastiCache for Redis backup to Amazon Simple Storage Service (Amazon S3).

Resolution

Create or use an Amazon S3 bucket that's in the same AWS Region as the ElastiCache cluster

To copy an ElastiCache snapshot (.rdb file) to an S3 bucket, either use or create a bucket in the same AWS Region as the ElastiCache cluster. 

Grant Amazon ElastiCache access to the S3 bucket

To grant ElastiCache access to the S3 bucket, complete the following steps:

  1. Open the Amazon S3 console.
  2. Choose the name of the Amazon S3 bucket that you want to copy the backup to.
  3. Choose the Permissions tab.
  4. Under Access control list (ACL), choose Edit.
  5. Choose Add grantee, and then enter the following canonical ID: 540804c33a284a299d2547575ce1010f2312ef3da9b3a053c8bc45bf233e4353.
  6. Select the following options:
    For Objects, select List and Write.
    For Bucket ACL, select Read and Write.
  7. Choose Save.

Note: AWS GovCloud Regions use the following ID: 40fa568277ad703bd160f66ae4f83fc9dfdfd06c2f1b5060ca22442ac3ef8be6.

Grant the correct permissions to interact with the bucket

The user that exports the backup must have the correct permissions to interact with the bucket. To access the S3 bucket and copy the .rdb file, ElastiCache requires permission in the bucket policy. Also, you must set the users' IAM permissions to access the .rdb file in the S3 bucket.

The following is an example policy that provides the correct permissions:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetBucketLocation",
        "s3:ListAllMyBuckets",
        "s3:PutObject",
        "s3:GetObject",
        "s3:DeleteObject",
        "s3:ListBucket"
      ],
      "Resource": "arn:aws:s3:::*"
    }
  ]
}

Note: In the preceding example, the IAM policy gives access to all S3 buckets. You can also limit the permission to a specific bucket.

If the IAM policy is missing or denies any of the required permissions, then the export returns the following error:

"The authenticated user does not have sufficient permissions to perform the desired activity."

Export an ElastiCache for Redis backup to S3

To export an ElastiCache for Redis backup to an S3 bucket, complete the following steps:

  1. Open the ElastiCache console.
  2. In the navigation pane, under Resources, choose Backups.
  3. From the list of backups, choose the backup that you want to export, and then choose Copy.
  4. Enter a name for your backup in New backup name. Amazon ElastiCache adds an instance identifier and the .rdb file name extension to the value that you enter here. For example, if you enter my-exported-backup, then Amazon ElastiCache creates my-exported-backup-0001.rdb.
  5. From the Target S3 location list, choose the name of the Amazon S3 bucket that you want to export your backup to.
  6. Choose Copy.

Related information

Exporting a backup

Seeding a new self-designed cluster with an externally created backup

AWS OFFICIAL
AWS OFFICIALUpdated a month ago
4 Comments

Can someone explain to me why we need to provide access to all s3 buckets ( "Resource": "arn:aws:s3:::*"), instead of giving access to the specific s3 bucket we want to export the snapshot to?

replied 10 months ago

Thank you for your comment. We'll review and update the Knowledge Center article as needed.

profile pictureAWS
MODERATOR
replied 10 months ago

{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "s3:GetBucketLocation", "s3:ListAllMyBuckets", "s3:PutObject", "s3:GetObject", "s3:DeleteObject", "s3:ListBucket" ], "Resource": "arn:aws:s3:::*" } ] }

Please note that any deny statement (bucket or IAM policy statement) to any of the above listed permissions will cause the Redis backup to return an error.

profile pictureAWS
replied 2 months ago

Thank you for your comment. We'll review and update the Knowledge Center article as needed.

profile pictureAWS
MODERATOR
replied 2 months ago