s3m

Appearance

config.yml

s3m reads credentials and host definitions from ~/.config/s3m/config.yml.

Each object path starts with a host name from this file:

txt
host/bucket/object

Minimal format:

yaml
---
hosts:
  host_name:
    region: <aws-region>
    endpoint: <custom-endpoint>
    access_key: <access-key>
    secret_key: <secret-key>
    compress: <default false>
    enc_key: <32-character-key> # optional

Use region for AWS-style hosts. Use endpoint for other S3-compatible vendors such as MinIO, Backblaze B2, or Cloudflare R2.

Examples

yaml
---
hosts:
  aws:
    region: eu-central-2
    access_key: AKIAZYSYPEXAMPLE
    secret_key: dX8IEdhpIuzaFf3lexample

  public:
    region: eu-east-2

  cloudflare:
    endpoint: 31675149903f5514779b45.r2.cloudflarestorage.com
    access_key: ACCESSKEY
    secret_key: SECRETKEY

  backblaze:
    endpoint: s3.us-west-001.backblazeb2.com
    access_key: ACCESSKEY
    secret_key: SECRETKEY

  backup:
    region: us-east-2
    access_key: ACCESSKEY
    secret_key: SECRETKEY
    compress: true
    enc_key: 12345678901234567890123456789012

  minio:
    endpoint: http://127.0.0.1:9000
    access_key: minioadmin
    secret_key: minioadmin

TIP

For Cloudflare R2 check https://developers.cloudflare.com/r2/api/s3/tokens/ to obtain the access and secret key.

Upload using the backup host from the example above:

sh
s3m /path/to/file backup/backups/test.txt

In that command:

  • backup is the host name from config.yml
  • backups is the bucket name
  • test.txt is the object key

The target bucket must already exist unless you create it with s3m cb.

Monitor rules

You can define monitoring rules per host and then run:

sh
s3m monitor <host>

s3m monitor reads every bucket and rule under hosts.<host>.buckets.

yaml
---
hosts:
  backup:
    region: us-east-2
    access_key: ACCESSKEY
    secret_key: SECRETKEY
    buckets:
      bucket_A:
        - prefix: backups/daily
          suffix: .log
          age: 1d
          size: 30720
      bucket_B:
        - prefix: foo
          age: 12h
          size: 1024
        - prefix: path/to/logs/
          age: 12h

age accepts integer seconds or suffixed durations:

  • 30s
  • 15m
  • 12h
  • 7d

Set size: 0 to skip the minimum size check.

Show configured hosts

sh
s3m show

AWS policy

Example IAM policy to allow full access to one bucket:

json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:*",
      "Resource": [
        "arn:aws:s3:::mybucket/*",
        "arn:aws:s3:::mybucket"
      ]
    }
  ]
}

Released under the BSD License.