We have just updated our article on the most secure possible Amazon S3 setup, to reflect improvements that Amazon have made to their S3 service.
Amazon now allow you to set up a bucket with both versioning (keeping of old files, even if they are overwritten or deleted), and lifecycle rules (automatic removal of files after a certain date).
This means that you can set up an Amazon S3 bucket that UpdraftPlus has permission to write to, but not delete from – and instead have Amazon S3 handle the deletion of old backups for you. This means that if an attacker gains access to your Amazon S3 keys for that particular bucket, then they cannot remove your backup data – and you don’t have to manually remove your old data either; the best of all worlds.
For more information on these Amazon S3 features, please take a look at the Amazon developers guides, here and here. (The best place to get help on Amazon S3 features in general is in the Amazon AWS forums, here).
David Anderson (founder, lead developer, UpdraftPlus)
