Secured bash script to backup a MySQL RDS dump to S3
This is an update to an earlier post which aims to make the bash script a bit more secure by removing the need to have a password stored in plain text and for it to only be R/W/X by root.
1) First we need to run everything that follows as root:
$ sudo -i
2) Install the S3 tools to move the files off the server. The -y flag just assumes yes to all prompts.
$ apt-get install -y s3cmd
3) Configure these with your IAM credentials
$ s3cmd --configure
4) Install the MySQL client tools only
$ apt-get install -y mysql-client-5.6
5) Next we are going to create a MySQL connection which we'll reference in the mysqlBackUp.sh script, that we create later, so we don't need to store the password as plaintext. Once you run this you'll be asked to enter your password for MySQL
$ mysql_config_editor set --login-path=local --host=localhost --user=username --password
This will also prevent the error which will occur now with the old instructions: "Warning: Using a password on the command line interface can be insecure." coming up which will stop your script from running.
6) Add this to mysqlBackUp.sh via nano /path/to/script/mysqlBackUp.sh
7) Make this file executable
$ chmod 700 /path/to/script/mysqlBackUp.sh
8) Ensure only root can r/w/x
$ chown root:root /path/to/script/mysqlBackUp.sh
9) Finally create a root CRON job, $ crontab -e
, with the following line in it:
CRON job: 0 0 * * * /path/to/script/mysqlBackUp.sh
10) Exit as root
$ exit
Thats it, all set and a little bit more secure than last time.