restic s3 backup

permissions config for not allowing deletion backed up files (only keys and locks)

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:PutObject",
        "s3:GetObject"
      ],
      "Resource": [
        "arn:aws:s3:::BUCKET_NAME/*"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:DeleteObject"
      ],
      "Resource": [
        "arn:aws:s3:::BUCKET_NAME/keys/*",
        "arn:aws:s3:::BUCKET_NAME/locks/*"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:CreateBucket",
        "s3:GetBucketLocation",
        "s3:ListBucket"
      ],
      "Resource": [
        "arn:aws:s3:::BUCKET_NAME"
      ]
    }
  ]
}

replace BUCKET_NAME with the name of the bucket used for restic

create a ~/.restic-env

export AWS_ACCESS_KEY_ID="***REDACTED***"
export AWS_SECRET_ACCESS_KEY="***REDACTED***"
export RESTIC_PASSWORD="***REDACTED***"
export RESTIC_REPOSITORY="s3:https://DOMAIN/BUCKET_NAME"

enable restic-env by calling . ~/.restic-env

init repository by running restic init