Backups Strategy

Backups should be kept in S3 (bucket openmrs-backups). S3 is configured to archive to Glacier after 30 days, and delete after 6 months (deleting before 3 months is actually more expensive).

Each server will have a separate access key pair, which only allows writes into a specific folder of the S3 bucket. All AWS resources are being created by cloudformation (i.e., nothing is done manually on AWS console). Stack can be seen on AWS console. The credentials per machine are on the output of that stack.

So, on each server, there should be: A cron task or equivalent which will get all relevant files into /opt/backups AWS credentials for that server Python and aws-cli installed Cron task to upload all files in /opt/backups to s3://openmrs-backups/// and delete them on disk on completion.

Exception is talk/discourse. Discourse is configured to upload its backups straight to S3, bucket openmrs-talk-backups.

How to upload manual backups

For all manually uploaded backups, use S3 bucket openmrs-manual-backup.

• On AWS console, create a new key pair for your user. Go to IAM Users -> -> Security Credentials -> Create access key. Download the csv file, and keep it safe!
• On AWS console, go to S3 -> 'openmrs-manual-backup'. Verify there's a folder for the product you are uploading the backups. Otherwise, create a folder now.
• Install aws cli on a machine with the backups pip install awscli
• Run 'aws configure' locally. Add the access key created before, and region 'us-west-2'.
• Run aws cli to upload files to the s3 bucket. For example: aws s3 cp backup-2016-09-03.tgz s3://openmrs-manual-backup/nexus/backup-2016-09-03.tgz to upload a file to the folder nexus.
• After the uploads, please deactivate the access key from the amazon console. You should create a new access key every time there's a desire to upload something.