ℹ️ These docs are for current Galileo customers. Docs for the free version of Galileo, can be found here.
Automate AWS Velero setup for Galileo cluster backups with this script, ensuring seamless backup scheduling and data resilience for AWS deployments.
#!/bin/sh -e
# Usage
# ./velero-account-setup-aws.sh <BUCKET> <AWS_REGION>
#
#
print_usage() {
echo -e "\n Usage: \n ./velero-account-setup-aws.sh <BUCKET> <AWS_REGION>\n"
}
BUCKET="${1}"
AWS_REGION="${2}"
if [ $# -ne 2 ]; then
print_usage
exit 1
fi
aws s3api create-bucket \
--bucket $BUCKET \
--region $AWS_REGION \
--create-bucket-configuration LocationConstraint=$REGION \
--no-cli-pager
aws iam create-user --user-name velero --no-cli-pager
cat > velero-policy.json <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ec2:DescribeVolumes",
"ec2:DescribeSnapshots",
"ec2:CreateTags",
"ec2:CreateVolume",
"ec2:CreateSnapshot",
"ec2:DeleteSnapshot"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:PutObject",
"s3:AbortMultipartUpload",
"s3:ListMultipartUploadParts"
],
"Resource": [
"arn:aws:s3:::${BUCKET}/*"
]
},
{
"Effect": "Allow",
"Action": [
"s3:ListBucket"
],
"Resource": [
"arn:aws:s3:::${BUCKET}"
]
}
]
}
EOF
aws iam put-user-policy \
--user-name velero \
--policy-name velero \
--policy-document file://velero-policy.json
resp=`aws iam create-access-key --user-name velero --no-cli-pager`
AWS_ACCESS_KEY_ID=`echo $resp | jq -r .AccessKey.AccessKeyId`
AWS_SECRET_ACCESS_KEY=`echo $resp | jq -r .AccessKey.SecretAccessKey`
cat > credentials-velero <<EOF
[default]
aws_access_key_id=$AWS_ACCESS_KEY_ID
aws_secret_access_key=$AWS_SECRET_ACCESS_KEY
EOF
echo "Credenials file created - credentials-velero"