aws cli options: kmsKeyId and storageClass

Dockerfile

@@ -20,7 +20,8 @@ ARG VERSION
 
 ENV MONGODB_TOOLS_VERSION 4.2.1-r1
 ENV GOOGLE_CLOUD_SDK_VERSION 276.0.0
-ENV AZURE_CLI_VERSION 2.12.1
+ENV AZURE_CLI_VERSION 2.13.0
+ENV AWS_CLI_VERSION 1.18.159
 ENV PATH /root/google-cloud-sdk/bin:$PATH
 
 LABEL org.label-schema.build-date=$BUILD_DATE \
@@ -55,9 +56,9 @@ RUN apk --no-cache add \
         libc6-compat \
         openssh-client \
         git \
-    && pip3 install --upgrade pip && \
-    pip install wheel && \
-    pip install crcmod && \
+    && pip3 --no-cache-dir install --upgrade pip && \
+    pip --no-cache-dir install wheel && \
+    pip --no-cache-dir install crcmod && \
     curl -O https://dl.google.com/dl/cloudsdk/channels/rapid/downloads/google-cloud-sdk-${GOOGLE_CLOUD_SDK_VERSION}-linux-x86_64.tar.gz && \
     tar xzf google-cloud-sdk-${GOOGLE_CLOUD_SDK_VERSION}-linux-x86_64.tar.gz && \
     rm google-cloud-sdk-${GOOGLE_CLOUD_SDK_VERSION}-linux-x86_64.tar.gz && \
@@ -67,10 +68,11 @@ RUN apk --no-cache add \
     gcloud config set metrics/environment github_docker_image && \
     gcloud --version
 
-# install azure-cli
-RUN apk add --virtual=build gcc libffi-dev musl-dev openssl-dev python3-dev make && \
-  pip install cffi && \
-  pip install azure-cli==${AZURE_CLI_VERSION} && \
+# install azure-cli and aws-cli
+RUN apk --no-cache add --virtual=build gcc libffi-dev musl-dev openssl-dev python3-dev make && \
+  pip --no-cache-dir install cffi && \
+  pip --no-cache-dir install azure-cli==${AZURE_CLI_VERSION} && \
+  pip --no-cache-dir install awscli==${AWS_CLI_VERSION} && \
   apk del --purge build
 
 COPY --from=0 /go/src/github.com/stefanprodan/mgob/mgob .

README.md

@@ -83,8 +83,18 @@ target:
 s3:
   url: "https://play.minio.io:9000"
   bucket: "backup"
+  # accessKey and secretKey are optional for AWS, if your Docker image has awscli
   accessKey: "Q3AM3UQ867SPQQA43P2F"
   secretKey: "zuf+tfteSlswRu7BJ86wekitnifILbZam1KYY3TG"
+  # Optional, only used for AWS (when awscli is present)
+  # The customer-managed AWS Key Management  Service (KMS) key ID that should be used to 
+  # server-side encrypt the backup in S3
+  #kmsKeyId:
+  # Optional, only used for AWS (when awscli is present)
+  # Valid choices are: STANDARD | REDUCED_REDUNDANCY | STANDARD_IA  |  ONE-
+  #     ZONE_IA  |  INTELLIGENT_TIERING  |  GLACIER | DEEP_ARCHIVE. 
+  # Defaults to 'STANDARD'
+  #storageClass: STANDARD
   # For Minio and AWS use S3v4 for GCP use S3v2
   api: "S3v4"
 # GCloud upload (optional)

pkg/backup/s3.go

@@ -47,8 +47,18 @@ func awsUpload(file string, plan config.Plan) (string, error) {
 
 	fileName := filepath.Base(file)
 
-	upload := fmt.Sprintf("aws --quiet s3 cp %v s3://%v/%v",
-		file, plan.S3.Bucket, fileName)
+	encrypt := ""
+	if len(plan.S3.KmsKeyId) > 0 {
+		encrypt = fmt.Sprintf(" --sse aws:kms --sse-kms-key-id %v", plan.S3.KmsKeyId)
+	}
+
+	storage := ""
+	if len(plan.S3.StorageClass) > 0 {
+		storage = fmt.Sprintf(" --storage-class %v", plan.S3.StorageClass)
+	}
+
+	upload := fmt.Sprintf("aws --quiet s3 cp %v s3://%v/%v%v%v",
+		file, plan.S3.Bucket, fileName, encrypt, storage)
 
 	result, err := sh.Command("/bin/sh", "-c", upload).SetTimeout(time.Duration(plan.Scheduler.Timeout) * time.Minute).CombinedOutput()
 	if len(result) > 0 {

pkg/config/plan.go

@@ -46,7 +46,7 @@ type S3 struct {
 	SecretKey    string `yaml:"secretKey"`
 	URL          string `yaml:"url"`
 	KmsKeyId     string `yaml:"kmsKeyId"`
-	StorageClass string `yaml:"storageClass"`
+	StorageClass string `yaml:"storageClass" validate:"omitempty,oneof=STANDARD REDUCED_REDUNDANCY STANDARD_IA ONE-ZONE_IA INTELLIGENT_TIERING GLACIER DEEP_ARCHIVE`
 }
 
 type GCloud struct {