On Demand Backups
Kaleido nodes can be configured with a backup configuration, offering an on demand gateway for exporting node data into a customer’s S3 bucket. Backups not only provide an added persistence layer for the ledger, but also allow customers to access the otherwise unsurfaced signing keys and chain data and take full possession of their node contents.
As with KMS, Log Streams and VPC, backup configurations must be generated prior to creating the node. Refer to the Backup section below for instructions on enabling an S3 backup via the user interface. Refer to the Understanding the Kaleido API documentation for instructions on creating a node with an S3 backup via the Kaleido API. Note that if you elect to use the raw API, you must first create a backupconfiguration object which is passed as a required parameter on the node creation call.
Configuring an S3 Bucket
- Log into the AWS console and navigate to the S3 Service in the Storage category.
- Provide a compliant DNS name for your bucket and follow the pop up instructions for further configuration and permissions. Kaleido does not enforce restrictions on the bucket configuration (e.g. object encryption). Review your configurations and click Create bucket to provision the storage resource.
- Next, navigate to your IAM service and provision a custom S3 policy for one of your IAM users.
- In the left-hand navigation panel, select Policies and click Create policy at the top of the screen.
- Choose S3 as the Service and enable write access in its entirety. This can be done by simply clicking the box next to Write.
- Create a name for the policy and review it, ensuring that you have provided full write access. Click Create policy to finish.
- Next, click the Users tab in the navigation panel to attach the newly created custom policy to an existing user.
- Click the Add Permissions button and select the Attach existing policies directly option.
- Enter your custom policy name into the search bar and select it. Click Next: Review to finalize the user permissions and enable the custom policy against your selected user.
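Because the exported data includes signing keys, it is worth checking that the custom policy's write access is limited to the backup bucket. The following is an added example, not Kaleido or AWS code: it audits an exported policy JSON document for S3 write grants that reach beyond one bucket. The bucket name, function names and sample policies are constructed for illustration, and the write-action list is only a subset of the S3 Write access level.

```python
import fnmatch

# Constructed name for illustration; substitute your own backup bucket.
BUCKET = "example-kaleido-backups"

# A subset of the actions AWS lists under the S3 "Write" access level.
WRITE_ACTIONS = ("s3:PutObject", "s3:DeleteObject", "s3:AbortMultipartUpload",
                 "s3:CreateBucket", "s3:DeleteBucket")

def _as_list(value):
    """IAM allows a single string or a list for Statement/Action/Resource."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def _grants_write(pattern):
    """True if an Action pattern (case-insensitive, * and ?) covers a write action."""
    return any(fnmatch.fnmatchcase(a.lower(), pattern.lower()) for a in WRITE_ACTIONS)

def _confined(resource, bucket):
    """True only for the bucket ARN itself or object ARNs beneath it."""
    arn = "arn:aws:s3:::" + bucket
    return resource == arn or resource.startswith(arn + "/")

def audit_backup_policy(policy, bucket=BUCKET):
    """Return (sid, action, resource) for each Allow of S3 write not confined to bucket."""
    findings = []
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        # NotAction / NotResource invert the match, so treat them as unscoped.
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append((sid, "NotAction/NotResource", "*"))
            continue
        for action in _as_list(stmt.get("Action")):
            for resource in _as_list(stmt.get("Resource")):
                if _grants_write(action) and not _confined(resource, bucket):
                    findings.append((sid, action, resource))
    return findings

# Constructed policies: write on every bucket vs. write on the backup bucket only.
BROAD = {"Version": "2012-10-17", "Statement": {
    "Sid": "AllS3Write", "Effect": "Allow",
    "Action": ["s3:Put*", "s3:Delete*", "s3:GetObject"], "Resource": "*"}}
SCOPED = {"Version": "2012-10-17", "Statement": [{
    "Sid": "BackupBucketWrite", "Effect": "Allow", "Action": "s3:*",
    "Resource": ["arn:aws:s3:::" + BUCKET, "arn:aws:s3:::" + BUCKET + "/*"]}]}
```

An empty result means every S3 write grant in the document is confined to the named bucket; each returned tuple identifies a statement to narrow.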