Amazon S3

Amazon supports payment by credit card and bank account. We recommend heavy users add a bank account as their payment method, as it's usually more permanent than a credit card.

In any case, if your payment method is invalidated (e.g., cancelled or expired credit card), billing will fail and Amazon will attempt to contact you (e.g., by e-mail) to provide a new, valid payment method.

  1. Easier sign up process. Users don't need to know anything about S3 API keys or understand the implications of giving them to us.
  2. Security: you don't need to give us access to your generic S3 account. If someone compromises your regular AWS API Key they still can't get to your encrypted backup volumes and say... delete them.
  3. Cost transparency: TKLBAM related storage charges show up separately from your generic S3 storage.
TKLBAM doesn't store its data in generic S3 buckets, but in an isolated TKLBAM-specific area on S3. This means generic S3 tools such as the AWS management console or S3Fox will not be able to access the storage buckets in which TKLBAM backup volumes reside.

Please note that new(er) Hub accounts DO use generic S3 buckets for backup storage. We will be transitioning existing users to the new system in the future. We will contact users individually when the time comes.


No! TKLBAM stores backups in the cloud for convenience, but it also supports local / custom backup storage targets.

There are two main alternatives to letting TKLBAM store a backup in the cloud:

  1. Low-level tklbam-backup --dump option: lets you dump the raw TKLBAM backup extract to a directory, which you can then store any way you like.

    For example, here's how we'd dump a system backup into a simple unencrypted tarball:

    cd /tmp
    mkdir mybackup
    tklbam-backup --dump=mybackup/
    tar jcvf mybackup.tar.bz2 mybackup/

    And later restore it like this:

    cd /tmp
    tar jxvf mybackup.tar.bz2
    tklbam-restore mybackup/

    The --dump option bypasses Duplicity, which usually creates a series of encrypted archive files that can be incrementally updated. These archive files are stored by default in the Amazon S3 storage cloud, but you can override this with the --address option and specify any storage back-end supported by Duplicity (e.g., local directory, rsync over ssh, ftp, sftp, etc).

  2. High-level tklbam-backup --address option: lets you specify a custom backup target URL that is passed on to Duplicity.

    It is highly recommended to rehearse a trial restore. Testing your backups is always a good idea, and even more so with a custom --address as this may complicate usage.

    The Hub normally helps you manage your backup's metadata when it auto-configures the storage address. If you specify a manual address you need to manage storage locations, encryption keys and authentication credentials by hand.
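
The trial-restore advice above, applied to the unencrypted --dump tarball from option 1: an added example (not TKLBAM's own code) that writes the archive owner-only with a SHA-256 checksum, then verifies and test-extracts it before you rely on it. The helper names pack_dump and rehearse_restore are hypothetical, and GNU tar, sha256sum and diff are assumed to be installed.

```shell
#!/bin/sh
# Added example (not TKLBAM code): pack a `tklbam-backup --dump` directory
# into a private, checksummed tarball and rehearse extracting it.
# pack_dump and rehearse_restore are hypothetical helper names.

# pack_dump DIR ARCHIVE
# Compression follows the ARCHIVE suffix (tar -a), e.g. mybackup.tar.bz2.
pack_dump() (
    dir=$1; archive=$2
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; exit 1; }
    umask 077    # the dump is unencrypted, so keep it owner-only
    tar -caf "$archive" -C "$(dirname "$dir")" "$(basename "$dir")" || exit 1
    cd "$(dirname "$archive")" || exit 1
    sha256sum "$(basename "$archive")" > "$(basename "$archive").sha256"
)

# rehearse_restore ARCHIVE DIR
# Exit status: 0 ok, 2 checksum mismatch, 3 extraction failed,
# 4 extracted tree differs from DIR.
rehearse_restore() (
    archive=$1
    orig=$(cd "$2" && pwd) || exit 1
    cd "$(dirname "$archive")" || exit 1
    name=$(basename "$archive")
    sha256sum -c "$name.sha256" >/dev/null 2>&1 ||
        { echo "checksum mismatch: $archive" >&2; exit 2; }
    scratch=$(mktemp -d) || exit 1
    rc=0
    tar -xf "$name" -C "$scratch" || rc=3
    if [ "$rc" -eq 0 ]; then
        diff -r "$orig" "$scratch/$(basename "$orig")" >/dev/null || rc=4
    fi
    rm -rf "$scratch"
    exit "$rc"
)
```

Run pack_dump /tmp/mybackup /tmp/mybackup.tar.bz2 right after tklbam-backup --dump=mybackup/, and rehearse_restore /tmp/mybackup.tar.bz2 /tmp/mybackup before deleting the dump directory.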


If you notice $0.00 in the backups console, there's no need to open a support request. It's not a bug. At 15 cents per gigabyte, if you have just a few megabytes of data Amazon doesn't charge you anything.

Backups start from around 100KB for a freshly installed TurnKey appliance. Remember, TKLBAM only saves changes you've made since the appliance was installed.


Amazon S3 cloud storage fees are around $0.15/GB per month.

You can use simulation mode to calculate how much uncompressed data TKLBAM is going to store in a full backup:

$ tklbam-backup --simulate

In practice, the actual footprint of a full backup will usually be smaller due to compression, but this depends on the type of data being compressed (e.g., text compresses very well, video very poorly).

By default, a full backup is performed if one month has passed since the last full backup. In between, incremental backups will be performed which only record changes since the last backup. The full backup frequency can be customized. See the manual page for details.


We recommend the following package:

apt-get install iftop

Here's one way to do it:

apt-get install trickle
trickle -u 100 -d 100 tklbam-backup