Create an IAM user for the sole purpose of uploading backups to S3. Be sure to record the credentials.

Attach an inline-policy to the IAM user. It’s easiest to use the policy generator:

policy editor

Make sure that PutObject is the only action selected, and replace mybucket in the ARN with the name of the S3 bucket you want to use for backups.

The finial policy should look something like this:

  "Version": "2012-10-17",
  "Statement": [
      "Sid": "Stmt1424618503000",
      "Effect": "Allow",
      "Action": [
      "Resource": [

Configuring S3cmd

Install s3cmd on your server. As the user who will be executing pg_dump, run the following to generate a ~/.s3cfg:

s3cmd --configure

You’ll need to provide the access and secret keys, both of which were generated during the creation of the IAM user. Enter an encryption password, and be sure to say yes to using HTTPS.

The Backup Script

Assuming your user is set up for ident authentication to the database, your backup script can be as simple as this:

filename=mydb-`date +%Y-%m-%d-%H%M%S`.dump.gz
pg_dump mydb > $filename
s3cmd put $filename s3://mybucket/
rm $filename

Later versions of s3cmd (1.5.0+) can read the input file directly from stdin, thus eliminating the need for an intermediate file:

pg_dump mydb | s3cmd put - s3://mybucket/$filename

Add that to your crontab for some quick-and-dirty offsite scheduled backups!