Backups Strategy

Backups should be kept in S3 (bucket openmrs-backups). S3 is configured to archive to Glacier after 30 days, and delete after 6 months (deleting before 3 months is actually more expensive).

Each server will have a separate access key pair, which only allows writes into a specific folder of the S3 bucket. All AWS resources are being created by cloudformation (i.e., nothing is done manually on AWS console). Stack can be seen on AWS console. The credentials per machine are on the output of that stack.

So, on each server, there should be: A cron task or equivalent which will get all relevant files into /opt/backups AWS credentials for that server Python and aws-cli installed Cron task to upload all files in /opt/backups to s3://openmrs-backups/// and delete them on disk on completion.

Exception is talk/discourse. Discourse is configured to upload its backups straight to S3, bucket openmrs-talk-backups.

How to upload manual backups

For all manually uploaded backups, use S3 bucket openmrs-manual-backup.

• On AWS console, create a new key pair for your user. Go to IAM -> -> Security Credentials -> Create access key
• On AWS console, go to S3 -> 'openmrs-manual-backup'. Verify there's a folder for the product you are uploading the backups. Otherwise, create a folder now.
• Install aws cli on a machine with the backups pip install awscli
• Run 'aws configure' locally. Add the access key created before, and region 'us-west-2'.
• Run aws cli to upload files to the s3 bucket. For example: aws s3 cp backup-2016-09-03.tgz s3://openmrs-manual-backup/nexus to upload a file to the folder nexus.