Append-only backups

How to do append-only backups to protect against ransomware deleting repositories?

The bucket is set so that nothing can be deleted.

@Eli6 Hi 🙂 Have you searched the forum for append-only backups already? For example: Search results for 'append-only' - restic forum
This is something which has been discussed many times. If none of the existing threads and information help you solve your issue, come back here.

Please see the work in progress here: Update "forget" command docs with append-only mode security considerations by lgommans · Pull Request #3656 · restic/restic · GitHub

I think it won’t work to make the bucket completely read-only because lock files have to be deletable.

On Wasabi, I use the following policy, which disables deletions everywhere but the locks directory:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowAdditions",
      "Effect": "Allow",
      "Action": [
        "s3:PutObject",
        "s3:GetObject",
        "s3:ListBucket",
        "s3:GetBucketLocation"
      ],
      "Resource": [
        "arn:aws:s3:::BUCKETNAME",
        "arn:aws:s3:::BUCKETNAME/*"
      ]
    },
    {
      "Sid": "AllowDeleteLocks",
      "Effect": "Allow",
      "Action": "s3:DeleteObject",
      "Resource": "arn:aws:s3:::BUCKETNAME/locks/*"
    }
  ]
}

Replace BUCKETNAME with the name of your bucket. You can also use wildcards like arn:aws:s3:::myprefix-*.

Feedback and other ideas welcome!
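As an added example (not from this thread or from restic), a small offline check of what the policy above lets a restic client do: it walks the statements with a simplified IAM evaluation (explicit Deny wins, otherwise any matching Allow, otherwise denied) and tries the operations restic issues against the repo layout (data/, snapshots/, locks/, keys/). The bucket name restic-backups and the object ids are constructed placeholders.

```python
import fnmatch
import json

# The policy from the post above, with BUCKETNAME replaced by a constructed
# bucket name; object-level actions need the "/*" object ARN alongside the bucket ARN.
APPEND_ONLY_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "AllowAdditions", "Effect": "Allow",
     "Action": ["s3:PutObject", "s3:GetObject", "s3:ListBucket", "s3:GetBucketLocation"],
     "Resource": ["arn:aws:s3:::restic-backups", "arn:aws:s3:::restic-backups/*"]},
    {"Sid": "AllowDeleteLocks", "Effect": "Allow",
     "Action": "s3:DeleteObject",
     "Resource": "arn:aws:s3:::restic-backups/locks/*"}
  ]
}
""")

def _as_list(v):
    return v if isinstance(v, list) else [v]

def _matches(patterns, value):
    # IAM wildcards: '*' matches any run of characters, '?' exactly one.
    return any(fnmatch.fnmatchcase(value, p) for p in _as_list(patterns))

def is_allowed(policy, action, resource):
    """Simplified IAM evaluation: explicit Deny wins, then any Allow, else implicit deny."""
    allowed = False
    for stmt in policy["Statement"]:
        if _matches(stmt["Action"], action) and _matches(stmt["Resource"], resource):
            if stmt["Effect"] == "Deny":
                return False
            allowed = True
    return allowed

def audit_repo(policy, bucket):
    """Evaluate the operations restic performs against a repository in `bucket`."""
    obj = f"arn:aws:s3:::{bucket}/"
    return {
        "write_pack":  is_allowed(policy, "s3:PutObject",    obj + "data/ab/abcdef"),
        "read_pack":   is_allowed(policy, "s3:GetObject",    obj + "data/ab/abcdef"),
        "list_bucket": is_allowed(policy, "s3:ListBucket",   f"arn:aws:s3:::{bucket}"),
        "delete_pack": is_allowed(policy, "s3:DeleteObject", obj + "data/ab/abcdef"),
        "delete_snap": is_allowed(policy, "s3:DeleteObject", obj + "snapshots/0123"),
        "delete_lock": is_allowed(policy, "s3:DeleteObject", obj + "locks/0123"),
        "rewrite_key": is_allowed(policy, "s3:PutObject",    obj + "keys/0123"),
    }

if __name__ == "__main__":
    for check, ok in audit_repo(APPEND_ONLY_POLICY, "restic-backups").items():
        print(f"{check:12s} {'allowed' if ok else 'denied'}")
```

Note that rewrite_key comes back allowed: an IAM policy cannot tell a new PutObject from one that overwrites an existing key, so deletion is blocked but overwriting is not unless the bucket also has versioning or object locking enabled.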