I need to back up my Percona XtraDB database from EC2 instances to an S3 bucket, but the bucket content needs to be encrypted with our own key hosted on the KMS service.
I’m running 2.4.19 version on Ubuntu 18.04, but I can’t find any reference about IAM Role and KMS key support in xbcloud --help, isn’t it?
The only confirmation of IAM Role support (but not KMS key) I found is on page 12 of Tyler Duzan's “Percona XtraBackup Current and Future State” PDF for FOSDEM 2020.
My current workaround:
- Install aws cli
- Create a local system user called xtrabackup
- Create a MySQL user called xtrabackup, auth method: auth_socket
- Backup via
```bash
sudo -u xtrabackup xtrabackup --user=xtrabackup --backup --stream=xbstream --galera-info --target-dir=/tmp 2>/dev/null \
  | aws s3 cp - s3://<bucket>/<dump_db_file_name> --region <region> --sse aws:kms --sse-kms-key-id <kms_key_id>
```
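An added example, not part of the original post: the same streaming pipeline wrapped so that a failed `xtrabackup` run is not silently uploaded as a truncated object, followed by a `head-object` check that S3 actually stored the object under SSE-KMS with the intended key. The function names and the temporary log file are assumptions; bucket, object key, region and KMS key id are supplied by the caller.

```bash
#!/usr/bin/env bash
# Added example, not from the thread. Bucket, object key, region and KMS key id
# are placeholders supplied by the caller.

# sse_matches "<ServerSideEncryption><TAB><SSEKMSKeyId>" "<expected key id or ARN>"
# Returns 0 only if the object is SSE-KMS encrypted with the expected key.
# S3 reports the key as a full ARN, so a bare key id is matched as the ARN suffix.
sse_matches() {
    tab=$(printf '\t')
    sse=${1%%"$tab"*}
    key=${1#*"$tab"}
    [ "$sse" = "aws:kms" ] || return 1
    [ -n "$2" ] || return 1
    [ "$key" = "$2" ] && return 0
    case $key in
        arn:aws*:kms:*:key/"$2") return 0 ;;
    esac
    return 1
}

# object_sse <bucket> <object key> <region>
# Prints the stored object's encryption type and key, tab separated.
object_sse() {
    aws s3api head-object --bucket "$1" --key "$2" --region "$3" \
        --query '[ServerSideEncryption, SSEKMSKeyId]' --output text
}

# backup_to_s3 <bucket> <object key> <region> <kms key id>
# Runs in a subshell so pipefail stays local to this function.
backup_to_s3() (
    set -o pipefail   # a failing xtrabackup must fail the pipeline, not only aws
    log=$(mktemp)     # keep xtrabackup's stderr instead of discarding it
    if ! sudo -u xtrabackup xtrabackup --user=xtrabackup --backup \
            --stream=xbstream --galera-info --target-dir=/tmp 2>"$log" |
         aws s3 cp - "s3://$1/$2" --region "$3" \
            --sse aws:kms --sse-kms-key-id "$4"; then
        echo "backup pipeline failed (object may be truncated), see $log" >&2
        return 1
    fi
    if ! sse_matches "$(object_sse "$1" "$2" "$3")" "$4"; then
        echo "s3://$1/$2 is not encrypted with KMS key $4" >&2
        return 1
    fi
)

if [ "$#" -eq 4 ]; then backup_to_s3 "$@"; fi
```

Pass the KMS key id or full key ARN rather than an alias, since the comparison is made against the key ARN that `head-object` reports.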
@Giovanni_Vecchi Have you looked at the xbcloud utility? It provides a more native integration to S3. I’m not sure if that solves your issue, but I was curious if you’d looked at it.
@matthewb as per my first post, IAM Role and KMS key seemed not supported at the time of writing: is there any news?
@Giovanni_Vecchi Ah, I misread your first post. If there’s nothing in the documentation then there’s no native support as far as I can tell. I found one open feature request in our JIRA: https://jira.percona.com/browse/PXB-1882. Please feel free to add your own “I need this” to the JIRA. Our roadmap teams do indeed look at these and prioritize based on user need.
@matthewb thanks for pointing me to the jira FR, I already voted for it.
@Giovanni_Vecchi Great. Can you please mark that as answered? (Helps keep the forums clean, thanks)
@matthewb how to? thx
Should be a button under one of my comments either ‘Answer’ or ‘Awesome’, something like that. I can’t see it cause I’m staff.