1. Answers
  2. Creating Backup Storage Targets for Proxmox VE VMs

How do I create backup storage targets for Proxmox VE VMs?

To create backup storage targets for Proxmox VE virtual machines, you can use Amazon S3 as the storage backend. We’ll set up an S3 bucket, configure the appropriate policies, and then export the necessary details to integrate with Proxmox VE.

Here is a detailed explanation of the resources we’ll use:

  1. aws_s3_bucket: Defines the S3 bucket where backups will be stored.
  2. aws_iam_role: Creates an IAM role that Proxmox can assume to write to the S3 bucket.
  3. aws_iam_policy: Specifies the permissions allowing access to the S3 bucket.
  4. aws_iam_role_policy_attachment: Attaches the policy to the role.

Below is the complete program script:

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

// Create an S3 bucket for Proxmox VE backups
const proxmoxBackup = new aws.s3.BucketV2("proxmox_backup", {
    bucket: "proxmox-ve-backup-bucket",
    acl: "private",
    versionings: [{
        enabled: true,
    }],
    lifecycleRules: [{
        id: "retain-backups",
        enabled: true,
        expirations: [{
            days: 30,
        }],
        noncurrentVersionExpirations: [{
            days: 30,
        }],
    }],
});
// Create an IAM role for Proxmox VE to access the S3 bucket
const proxmoxBackupRole = new aws.iam.Role("proxmox_backup_role", {
    name: "proxmox-backup-role",
    assumeRolePolicy: JSON.stringify({
        Version: "2012-10-17",
        Statement: [{
            Effect: "Allow",
            Principal: {
                Service: "ec2.amazonaws.com",
            },
            Action: "sts:AssumeRole",
        }],
    }),
});
// Define the policy for access to the S3 bucket
const proxmoxBackupPolicy = new aws.iam.Policy("proxmox_backup_policy", {
    name: "ProxmoxBackupPolicy",
    description: "Policy to allow Proxmox VE to write backups to the S3 bucket",
    policy: pulumi.jsonStringify({
        Version: "2012-10-17",
        Statement: [{
            Effect: "Allow",
            Action: [
                "s3:PutObject",
                "s3:PutObjectAcl",
                "s3:ListBucket",
                "s3:GetBucketLocation",
            ],
            Resource: [
                proxmoxBackup.arn,
                pulumi.interpolate`${proxmoxBackup.arn}/*`,
            ],
        }],
    }),
});
// Attach the policy to the role
const proxmoxBackupRolePolicyAttachment = new aws.iam.RolePolicyAttachment("proxmox_backup_role_policy_attachment", {
    role: proxmoxBackupRole.name,
    policyArn: proxmoxBackupPolicy.arn,
});
export const bucketName = proxmoxBackup.bucket;
export const iamRoleArn = proxmoxBackupRole.arn;

In this guide, we set up an S3 bucket configured for versioning and lifecycle management, created an IAM role with the appropriate permissions, and exported the necessary details to facilitate integration with Proxmox VE for VM backups.

Deploy this code

Want to deploy this code? Sign up for a free Pulumi account to deploy in a few clicks.

Sign up

New to Pulumi?

Want to deploy this code? Sign up with Pulumi to deploy in a few clicks.

Sign up