My strategy is pretty simple. I want to back up to a server in my home. I don't want to expose my server at home via dynamic DNS, so the only option would be to start the backup locally and pull from the EC2 instance.
Fortunately, this is very easy to do. Here are the steps:
- Figure out what local server you want to do your backups to. In my home, the server is a fairly old (e.g., 2005 model) Mac Mini. To that Mac Mini, I've attached a 2TB drive for holding backups. Let's call that system "A". We'll call the EC2 instance hostname "B".
- Create a directory on A to hold the backup. I give the directory the same name as the EC2 instance, which makes it easy to know which backup is which. I put it on the 2TB drive since I use that drive for backups. Thus, I issue 'mkdir /Volumes/My2TBDrive/B' to create the directory where the backup will be maintained.
- Copy your private key file (.pem) over to the ~/.ssh directory of machine A, if not already there. This is the key file you generated using the EC2 console before creating the EC2 instance, and it is the same one you use when logging in. Before you copy the keyfile to any .ssh directory, of course, make sure it has a unique name so you don't blow away a key file already there with the same name. Run 'chmod 400 filename' on this file to give it suitable permissions. Let's call the file keyfile.pem.
- Make sure rsync is installed on both the EC2 instance and machine A.
$ sudo rsync -avz -e 'ssh -i /Users/yourusernameA/.ssh/keyfile.pem' yourusernameB@B:/ /Volumes/My2TBDrive/B
(Note, since I am using MacOS X, my home directory is under /Users, and mounted drives are found under /Volumes. On Linux, this would be /home/yourusernameA and /mnt/My2TBDrive/B, respectively. Windows users, sorry, I don't discuss Windows in this post).
The 'ssh -i /Users/yourusernameA/.ssh/keyfile.pem' gives you password-less ssh authentication (and associated encryption of the bits on the wire as they are copied from B to A). This is essential if you want to do the backup from a cron job without having to type passwords (and the keyfile is, as best I can tell, required anyway for getting a login to your EC2 instance).
The yourusernameB@B:/ determines what gets backed up. Here, I am backing up from /. The /Volumes/My2TBDrive/B is the location on machine A where the resulting backup will be located.
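A pre-flight wrapper for the cron case described above, as an added example that is not part of the original post: it refuses to run if the key file is readable by group or other, or if the backup directory is missing, and only then runs the post's rsync command. The function names, the `--run` switch, the cron line and the `BatchMode=yes` option are additions; the paths and host names are the post's placeholders.

```shell
#!/bin/sh
# Added example: pre-flight checks around the post's rsync pull, run on machine A.
# keyfile.pem, yourusernameA, yourusernameB, B and My2TBDrive are the post's
# placeholders; the function names and the --run switch are hypothetical.
KEY="${KEY:-/Users/yourusernameA/.ssh/keyfile.pem}"
SRC="${SRC:-yourusernameB@B:/}"
DEST="${DEST:-/Volumes/My2TBDrive/B}"

# True only for a regular file with no group/other permission bits, which is
# what 'chmod 400' produces. Parses ls output so it works on macOS and Linux.
key_is_private() {
    [ -f "$1" ] || return 1
    perms=$(ls -ld "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}

# True only if the backup directory exists and is writable. When the external
# drive is not mounted the directory is normally absent, so the run is refused
# instead of letting rsync write somewhere else.
dest_is_ready() {
    [ -d "$1" ] && [ -w "$1" ]
}

# Returns 2 for a bad key, 3 for a missing destination, else rsync's status.
run_backup() {
    if ! key_is_private "$KEY"; then
        echo "refusing: $KEY is missing or readable by group/other" >&2
        return 2
    fi
    if ! dest_is_ready "$DEST"; then
        echo "refusing: $DEST not found (is the drive mounted?)" >&2
        return 3
    fi
    # BatchMode=yes makes ssh fail rather than prompt, so a cron run cannot hang.
    # The key path must not contain spaces, because -e splits on whitespace.
    rsync -avz -e "ssh -i $KEY -o BatchMode=yes" "$SRC" "$DEST"
}

# Only touch the network when asked to, e.g. from root's crontab:
#   0 3 * * * /path/to/pull-backup.sh --run     (hypothetical path and schedule)
if [ "${1:-}" = "--run" ]; then
    run_backup
fi
```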