---
title: "Backup and Restore for AWS S3 Bucket - SGX"
slug: "fortanix-dsm-backup-and-restore-for-aws-s3-bucket-sgx"
updated: 2026-04-01T07:31:22Z
published: 2026-03-18T07:43:13Z
---


# Backup and Restore for AWS S3 Bucket - SGX

## 1.0 Introduction

This article describes the Fortanix Data Security Manager (DSM) backup and restore procedures using an Amazon Web Services (AWS) S3 bucket for an SGX machine.

## 2.0 Backing Up the Cluster Data

Perform the following tasks to create the storage accounts and S3 buckets for backing up the cluster data to AWS S3 Bucket:

### 2.1 Creating the S3 Bucket

Perform the following steps to create the S3 Bucket:

1. Sign in to the **AWS Management Console** and open the Amazon S3 console.
2. Click **Create bucket**.

![Create_Bucket_Option.png](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/11565441628948.png)

**Figure 1: Create bucket option**

![Create_Bucket_Landing_Page.png](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/11565449723540.png)

**Figure 2: Create bucket landing page**

3. Perform the following steps to get your access key ID and secret access key:
  1. Open the IAM console at URL: [*https://console.aws.amazon.com/iam/*](https://console.aws.amazon.com/iam/)
  2. On the navigation menu, click **Users**.
  3. Choose your preferred IAM username.
  4. Go to the **Security Credentials** tab → **Create Access Key**. To view the new access key, click **Show**.

![Credentials.png](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/11565441685780.png)

## 3.0 Configuring Backup Using AWS S3 Bucket

This section describes the steps to configure backups using AWS S3 before or after creating a Fortanix Data Security Manager cluster.

Perform the following steps:

1. Edit the `config.yaml` file and add the following properties to enable backups to the AWS S3 bucket that is your backup destination. *For more information about the* `config.yaml` *file, refer to “Section 5.4: Configure Other Nodes for Joining the Cluster” in the* [*Fortanix Data Security Manager Installation Guide - On-Prem*](https://support.fortanix.com/docs/fortanix-data-security-manager-installation-guide-on-prem#54-configure-other-nodes-for-joining-the-cluster)*.*

Refer to the following sample configuration to add new parameters `bucket`, `region`, `access_key_id`, and `secret_access_key`:

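```yaml
backup:
  cron_schedule: "0 0 * * *"    # CRON schedule for the backup job (UTC)
  backup_mode: "snapshot"       # "snapshot" (recommended) or "cqlsh"
  exclude_auditlog: true
  aws:
    bucket: "containername"     # name of the S3 bucket created in Section 2.1
    region:                     # AWS Region of the bucket
    access_key_id:              # access key ID of the IAM user
    secret_access_key:          # secret access key of the IAM user
```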

> [!NOTE]
> - The value of the `backup_mode` parameter can be either `snapshot` or `cqlsh`. However, it is recommended to set the value to `snapshot`.
> - By default, all CRON job schedules are in the UTC time zone.

For example:

```yaml
backup:
  cron_schedule: "0 0 * * *"
  backup_mode: "snapshot"
  exclude_auditlog: true
  aws:
    bucket: "dsm-backup-test-bucket"
    region: us-east-2
    access_key_id:
    secret_access_key:
```

2. Run the following command to redeploy the cluster to apply changes to the `config.yaml` file:

```bash
sdkms-cluster deploy --config config.yaml --stage DEPLOY
```

After executing the deploy command, the `DEPLOY` pod starts or shows the status as `RUNNING`. Wait until the job is completed and the status changes to `COMPLETED`.

3. Run the following command to navigate to the `bin` folder:

```bash
cd /opt/fortanix/sdkms/bin
```

4. Run the following command to execute the `run_sdkms_backup.sh` script and perform a manual backup:

```bash
./run_sdkms_backup.sh
```

5. Run the following command to verify the status of the backup:

```bash
kubectl logs -l job-name=sdkms-backup-manual
```

![Output_of_the_Command.png](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/11565449833492.png)

**Figure 3: Output of the command**

> [!NOTE]
> Ensure that Cassandra and appropriate data and secrets are backed up to the AWS S3 Bucket as shown in the following image:
> 
> ![DSM_Backup_Test_Buscket_Page.png](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/11565441702420.png)
> 
> **Figure 4: DSM backup test bucket page**

*For steps to back up the audit log, refer to* [*Fortanix DSM Backup for Audit Log*](/v1/docs/fortanix-dsm-backup-for-audit-log)*.*

*For steps to disable the backup configuration, refer to* [*Disable Backup Configuration*](/v1/docs/introduction-to-fortanix-dsm-backup-and-restore#60-disable-backup-configuration)*.*
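
The following pre-deploy check for the `backup` block from step 1 is an added example, not Fortanix code. It verifies that `config.yaml`, which holds `secret_access_key` in plaintext, is readable only by its owner, that `backup_mode` and `cron_schedule` are well formed, and that none of the four `aws` parameters is left empty. The function names `yaml_get` and `check_backup_config` are hypothetical, and the parser assumes the 2-space indentation and bare or double-quoted values used in the sample above.

```shell
#!/bin/sh
# Added example: sanity-check the backup block of config.yaml before redeploying.

# yaml_get FILE dotted.path -> prints the scalar at that path (empty if unset).
# Assumption: 2-space indentation, bare or double-quoted scalars.
yaml_get() {
  awk -v want="$2" '
    /^[ \t]*#/ || /^[ \t]*$/ { next }          # skip comments and blank lines
    {
      line = $0; sub(/^ +/, "", line)
      depth = int((length($0) - length(line)) / 2)
      key = line; sub(/:.*/, "", key)
      val = line; sub(/^[^:]*:[ \t]*/, "", val)
      sub(/[ \t]+#.*$/, "", val); sub(/[ \t]+$/, "", val)
      gsub(/^"|"$/, "", val)
      path[depth] = key
      p = path[0]; for (i = 1; i <= depth; i++) p = p "." path[i]
      if (p == want) { print val; exit }
    }' "$1"
}

check_backup_config() {
  cfg=$1; rc=0
  fail() { echo "FAIL: $*" >&2; rc=1; }
  [ -r "$cfg" ] || { echo "FAIL: cannot read $cfg" >&2; return 2; }

  # The file carries secret_access_key in plaintext: no group/other access.
  [ "$(ls -ld "$cfg" | cut -c5-10)" = "------" ] ||
    fail "$cfg is accessible to group/other (chmod 600)"

  case $(yaml_get "$cfg" backup.backup_mode) in
    snapshot|cqlsh) ;;
    *) fail "backup_mode must be snapshot or cqlsh" ;;
  esac

  # Five cron fields; set -f keeps the '*' fields from being glob-expanded.
  set -f; set -- $(yaml_get "$cfg" backup.cron_schedule); set +f
  [ $# -eq 5 ] || fail "cron_schedule must have 5 fields"

  for k in bucket region access_key_id secret_access_key; do
    [ -n "$(yaml_get "$cfg" "backup.aws.$k")" ] || fail "backup.aws.$k is empty"
  done
  [ "$(yaml_get "$cfg" backup.aws.bucket)" != "containername" ] ||
    fail "backup.aws.bucket is still the template placeholder"
  return $rc
}

# Usage: sh check_backup_config.sh /path/to/config.yaml
if [ $# -gt 0 ]; then check_backup_config "$1"; fi
```

A non-zero exit status means at least one check failed; the reasons are written to standard error.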

## 4.0 Recovering the Data

*For more information on the data recovery procedure, refer to the* [*Fortanix DSM Restoration Guide - Automated*](/v1/docs/fortanix-dsm-restoration-guide-automated)*.*

Fortanix Data Security Manager (DSM) is the world’s first cloud service secured with Intel® SGX. With Fortanix DSM, you can securely generate, store, and use cryptographic keys and certificates, as well as other secrets such as passwords, API keys, tokens, or any blob of data. Your business-critical applications and containers can integrate with Fortanix DSM using legacy cryptographic interfaces (PKCS#11, CNG, and JCE) or using the native Fortanix DSM RESTful interface.

## Related

- [Introduction to Fortanix DSM Backup and Restore](/introduction-to-fortanix-dsm-backup-and-restore.md)
- [Restoration Guide - Automated](/fortanix-dsm-restoration-guide-automated.md)
