Amazon instance profiles are used to pass IAM roles to an EC2 instance. This IAM role can be queried using EC2 instance metadata to access an S3 bucket. Please check Amazon’s Official Documentation for more information.
Today we are happy to announce that starting with Percona XtraBackup 8.0.31-24, xbcloud can read instance metadata and fetch credentials from an instance profile, utilizing it to authenticate against an S3 bucket. Xbcloud is a tool part of Percona XtraBackup and allows you to upload and download backups to Amazon S3 storage.
How it works
Configure your EC2 instance with a valid instance profile as per this guide. Then run XtraBackup streaming to xbcloud without providing any credentials:
1 | xtrabackup ... | xbcloud put --storage=s3 --s3-bucket=bucket-name backup-name |
1 2 | 221121 13:16:26 Using instance metadata for access and secret key 221121 13:16:26 xbcloud: Successfully connected. |
1 2 3 4 5 | 221121 13:04:52 xbcloud: S3 error message: The provided token has expired. 221121 13:04:52 xbcloud: Sleeping for 2384 ms before retrying test/mysql.ibd.00000000000000000002 [1] 221121 13:05:09 xbcloud: successfully uploaded chunk: test/mysql.ibd.00000000000000000002, size: 5242923 . . . 221121 13:05:19 xbcloud: Upload completed. |
Summary
Percona xbcloud can now utilize an instance profile allowing users to automate access to AWS S3 buckets by removing the need of access/secret-key being provided as parameters or configuration.
Percona XtraBackup is a free, open source, complete online backup solution for all versions of Percona Server for MySQL and MySQL. It performs online non-blocking, tightly compressed, highly secure backups on transactional systems so that applications remain fully available during planned maintenance windows.