Integrate with Amazon S3

Learn how to integrate with Amazon S3 and create environment-wide backups.

You can integrate the StackRox Kubernetes Security Platform with Amazon S3 to enable data backups. You can use these backups to restore data after an infrastructure disaster or data corruption. After you integrate with Amazon S3, you can schedule daily or weekly backups and run manual on-demand backups.

The backup includes the StackRox Kubernetes Security Platform’s entire database, which includes all configurations, resources, events, and certificates. Make sure that backups are stored securely.

  • If you’re using the StackRox Kubernetes Security Platform version 3.0.53 or older, the backup doesn’t include certificates.
  • If your Amazon S3 instance is part of an air-gapped environment, you must add your AWS root CA as a trusted certificate authority in the StackRox Kubernetes Security Platform.

Configure Amazon S3

Before you configure S3 backups in the StackRox Kubernetes Security Platform, you must have:

  • An existing S3 bucket.
  • Read, write, and delete permissions for the S3 bucket, along with the Access key ID and the Secret access key.
  • If you are using KIAM, kube2iam, or another proxy, an IAM role that has the read, write, and delete permissions.

To create a new bucket with required permissions, see the official Amazon documentation topic How Do I Create an S3 Bucket?
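
The following added example (not part of the StackRox documentation or product) builds a policy scoped to the backup bucket and optional Object Prefix, and audits a candidate policy for grants beyond the read, write, and delete permissions listed above. The mapping to s3:GetObject, s3:PutObject, and s3:DeleteObject, the extra s3:ListBucket action, the "aws" ARN partition, and the bucket name example-backups are assumptions.

```python
# Added example: audits an IAM policy against the page's prerequisite of
# read, write, and delete permissions on the backup bucket.
# Assumptions: the s3:* action mapping below, the "aws" ARN partition,
# and s3:ListBucket (not stated on the page) for pruning retained backups.
OBJECT_ACTIONS = {"s3:getobject", "s3:putobject", "s3:deleteobject"}
BUCKET_ACTIONS = {"s3:listbucket"}

def scoped_policy(bucket, prefix=""):
    """Build a policy limited to one bucket and an optional Object Prefix."""
    prefix = prefix.strip("/")
    keys = f"{prefix}/*" if prefix else "*"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow",
             "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
             "Resource": f"arn:aws:s3:::{bucket}/{keys}"},
            {"Effect": "Allow", "Action": "s3:ListBucket",
             "Resource": f"arn:aws:s3:::{bucket}"},
        ],
    }

def _listify(value):
    return value if isinstance(value, list) else [value]

def audit_policy(policy, bucket):
    """Return findings for Allow statements broader than the backup needs."""
    base = f"arn:aws:s3:::{bucket}"
    findings = []
    for i, stmt in enumerate(_listify(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append(f"statement {i}: grants by exclusion (NotAction/NotResource)")
            continue
        for action in _listify(stmt.get("Action", [])):
            # IAM action names are case-insensitive; wildcards never match the allow-list.
            if action.lower() not in OBJECT_ACTIONS | BUCKET_ACTIONS:
                findings.append(f"statement {i}: action {action} exceeds read/write/delete")
        for resource in _listify(stmt.get("Resource", [])):
            if resource != base and not resource.startswith(base + "/"):
                findings.append(f"statement {i}: resource {resource} is outside {bucket}")
    return findings

# Constructed sample: an over-broad policy of the kind the audit should flag.
BROAD = {"Version": "2012-10-17",
         "Statement": {"Effect": "Allow", "Action": "s3:*", "Resource": "*"}}

if __name__ == "__main__":
    print(audit_policy(scoped_policy("example-backups", "stackrox"), "example-backups"))
    print(audit_policy(BROAD, "example-backups"))
```

Run the audit against the policy attached to the access key or IAM role before entering those credentials in the integration form; an empty list means every Allow statement stays within the backup bucket and the listed actions.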

Configure the StackRox Kubernetes Security Platform

To configure Amazon S3 backups, create a new integration in the StackRox Kubernetes Security Platform:

  1. Navigate to Platform Configuration > Integrations.
  2. Under the External backups section, select Amazon S3.
  3. Select the New Integration icon.
  4. In the Integration Name box, enter a name for this integration.
  5. Enter the number of backups to retain in the Backups To Retain box.
  6. For Schedule, select the backup frequency (daily or weekly) and the time to run the backup process.
  7. Enter the Bucket name in which you want to store the backup.
  8. (Optional) Enter an Object Prefix if you want to save the backups in a specific folder structure. For more details, see the official Amazon documentation topic Object keys.
  9. Enter the Endpoint for the bucket if you’re using a non-public S3 instance; otherwise, leave it blank.
  10. Enter the Region for the bucket.
  11. Turn on the Use Container IAM Role toggle, or enter the Access Key ID and the Secret Access Key.
  12. Select Test (checkmark icon) to confirm that the integration with Amazon S3 is working.
  13. Select Create (save icon) to create the configuration.

Once configured, the StackRox Kubernetes Security Platform automatically backs up all data according to the specified schedule.

On-demand backups

To trigger manual backups:

  1. On the StackRox portal, navigate to Platform Configuration > Integrations.
  2. Under the External backups section, select Amazon S3.
  3. Select the integration name for the S3 bucket to which you want to back up.
  4. Select Trigger Backup.

Currently, when you select the Trigger Backup option, there is no notification. However, the StackRox Kubernetes Security Platform begins the backup task in the background.

For more details, see Backup and restore.

© 2021 StackRox Inc. All rights reserved.