How to Backup a Linux VPS to an Amazon AWS S3


You should already have an account with AWS.

S3 Bucket  How Do I Create an S3 Bucket?

Access keys (access key ID and secret access key) need to be generate from AWS Management Console — Understanding and Getting Your Security Credentials

Step 1 — Installing Restic

Restic might be included in your OS’s default repositories (it is on Ubuntu) but it’s better to opt for the releases on Restic’s GitHub page. The binary you’ll get from apt or yum will be several versions behind, and the GitHub flavor auto-updates itself anyways.

Find the latest version of Restic on their GitHub releases page. Since I’m assuming this is a Linux server, we only want the file ending in _linux_amd64.bz2. (For a 32-bit Linux server, find _linux_386.bz2. Windows, macOS, and BSD binaries are also there.) Right-click and copy the direct URL for that file and head over to your server’s command line to download it into your home directory:

$ cd ~
$ wget

Next, we’ll unzip the download in place:

$ bunzip2 restic_*

This should leave us with a single file: the Restic binary. In order to make Restic available system-wide and accessible with a simple restic command, we need to move it into the /usr/local/bin folder, which requires sudo access:

$ sudo mv restic_* /usr/local/bin/restic
$ sudo chmod a+x /usr/local/bin/restic


Now’s a good time to run restic to make sure we’re good to move on. If you see the version number we downloaded, you’re all set!

$ restic version
Step 2 — Connect Restic to Amazon S3

If you haven’t already created a new S3 bucket and grabbed your access key and secret from the AWS console, do so now.

We need to store these keys as environment variables named AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY. For now, we’ll set these temporarily until we automate everything in the next step.

$ export AWS_ACCESS_KEY_ID=”your AWS access key”
$ export AWS_SECRET_ACCESS_KEY=”your AWS secret”

We’ll also need to tell Restic where the bucket is located and set a secure password to encrypt the backups. You can generate a super-secure 32-character password by running openssl rand -base64 32 — just make sure you store it somewhere safe!

$ export RESTIC_PASSWORD=”enter-your-super-secure-password”


Step 3 — Initialize the backup repository

Now we’re ready to have Restic initialize the repository. This saves a config file in your S3 bucket and starts the encryption process right off the bat. You only need to run this once.

$ restic init

If successful, you should see a message containing created restic backend. If not, make sure you set all four environment variables correctly and try again.

Step 4 — Make our first backup

Now that the hard parts are done, creating a backup (or “snapshot” in Restic terms) is as simple as a one-line command. All we need to specify is the directory you want to backup.

$ restic backup /srv/important/data

Running restic snapshots will list every snapshot you’ve stored. You should see one listed at this point if everything went according to plan.

Step 5 — Automate backups using a cron job

Linux makes it incredibly easy to automate scripts using cron jobs. So let’s set one up for this.

Make a new file at a convenient location on your server and name it This is where we’ll replicate everything we did above. Here’s my full .sh file:

export AWS_ACCESS_KEY_ID=”xxxxxxxx”
export AWS_SECRET_ACCESS_KEY=”xxxxxxxx”
export RESTIC_PASSWORD=”xxxxxxxx”
restic backup -q /srv/xxxxxxxx

(The -q flag silences the output, since we won’t be able to see it anyways.)

I highly recommend adding one final command to the end of the file: Restic’s forget feature. Constantly storing multiple snapshots a day to S3 without pruning them will rack up your bill more than you’d probably like. Using forget, we can specify how many snapshots we want to keep and from when.

This command keeps one snapshot from each of the last six hours, one snapshot from each of the last seven days, one snapshot from each of the last four weeks, and one snapshot from each of the last twelve months.

restic forget -q –prune –keep-hourly 6 –keep-daily 7 –keep-weekly 4 –keep-monthly 12

Reading the documentation for different forget options can be helpful if you want to customize these.

Save the shell script and close the editor. Don’t forget to make the script we just wrote actually executable:

$ chmod +x

Lastly, we need to set the actual cron job. To do this, run sudo crontab -e and add the following line to the end:

0 * * * * /root/

The first part specifies how often the script should run. 0 * * * * runs it right at the top of every hour. Personally, I choose to run it at the 15th minute of every other hour, so mine looks like 15 */2 * * * is a nifty “calculator” to help you customize this expression to your liking — it’s definitely not the most intuitive syntax.

The second part specifies where the script we just wrote is located, of course, so set that to wherever you saved

Step 6 — Verifying and restoring snapshots

Note: In order to use restic in future shell sessions, we need to make the four environment variables permanent by adding them to your .bash_profile or .bashrc file in your home directory. Simply copy and paste the four export lines from the file we created above to the end of either dotfile.

Take note of the next time that your new cron job should run, so we can check that it was automatically triggered. After that time — at the top of the next hour if you used my defaults in the last step — you can run restic snapshots like we did before to make sure there’s an additional snapshot listed, and optionally take the IDs of each snapshot and run restic diff ID_1 ID_2 to see what’s changed between the two.

To restore a snapshot to a certain location, grab the ID from restic snapshots and use restore like so:

$ restic restore 750x69xyz –target ~/restored_files

You can also replace the ID with latest to restore the latest snapshot.

When trouble strikes and you’re setting up a new server, just re-follow steps one, two, and six and you’ll have all your files back before you know it!

There are a few other neat options for browsing and restoring snapshots, like mounting a snapshot as a disk on your file system. Read more about that on the “restoring from backup” docs page.

How useful was this post?

Click on a star to rate it!

Average rating 0 / 5. Vote count: 0

No votes so far! Be the first to rate this post.

We are sorry that this post was not useful for you!

Let us improve this post!

Tell us how we can improve this post?