How to Connect Other Cloud Provider Accounts to a SnapShooter Account

SnapShooter is a cloud backup and recovery solution. Use SnapShooter to back up servers, volumes, databases, and applications from DigitalOcean and other cloud providers.


Connect accounts from other cloud providers (like Amazon, Google, Hetzner, Exoscale, and Vultr) to SnapShooter to set up daily or hourly backups for servers and other resources.

About SnapShooter Backups

SnapShooter supports two kinds of backups: native backups and backup jobs.

  • Native backups use your cloud provider’s backup product. These products are called different names depending on the provider, like DigitalOcean Snapshots or Amazon Machine Images (AMIs).

    SnapShooter creates and manages these backups on your behalf by using the provider’s API, which allows you to take more frequent backups with finer control over retention than the cloud providers themselves offer.

  • Backup jobs run using SnapShooter’s custom engine to back up hosted resources (like files, application servers, or database servers) to your chosen S3-based storage provider. You can use backup jobs with any server that you can add to SnapShooter.

    You can use SnapShooter as your storage provider with SnapShooter Simple Storage, which lets you store backup data without setting up your own storage. Alternatively, you can set up DigitalOcean Spaces Object Storage or other storage providers, like AWS S3.

To use SnapShooter to manage native backups on other cloud providers, you need to connect your account with a supported cloud provider to your SnapShooter account.

Connect an Amazon Web Services Account

We use AWS IAM to grant access to your AWS account so you can restrict the permissions to only what is necessary for SnapShooter to function.

From the SnapShooter app, in the left menu under Snapshots, click + Connect Provider.

To add a new AWS account to back up EC2 instances, under Snapshots, click AWS. To add a new AWS account to back up Lightsail instances, under Snapshots, click AWS Lightsail.

This takes you to the Connect New Account page for AWS or AWS Lightsail, respectively. Next, you need to create a new IAM user in your AWS account, and then fill in this page with the account information.

For EC2 instance backups, use the following permissions:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "snapshooter",
      "Effect": "Allow",
      "Action": [
        "ec2:DescribeImages",
        "ec2:DeregisterImage",
        "ec2:DescribeInstances",
        "ec2:DeleteSnapshot",
        "ec2:CreateTags",
        "ec2:DescribeVolumes",
        "ec2:CreateSnapshot",
        "ec2:CreateImage",
        "ec2:DescribeSnapshots"
      ],
      "Resource": [
        "*"
      ]
    }
  ]
}

For Lightsail backups, use the following permissions:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": [
        "lightsail:GetInstanceSnapshot",
        "lightsail:GetInstances",
        "lightsail:DeleteInstanceSnapshot",
        "lightsail:GetOperation",
        "lightsail:GetInstanceSnapshots",
        "lightsail:GetInstance",
        "lightsail:GetInstanceState",
        "lightsail:CreateInstanceSnapshot",
        "lightsail:TagResource"
      ],
      "Resource": "*"
    }
  ]
}

Once you create the new user, copy the following information from AWS and paste it into SnapShooter:

  • Account name
  • Access key
  • Secret access key
  • Region

We encrypt your keys to keep them secure.

After you enter the information, click Connect AWS Account or Connect AWS Lightsail Account. Once the account is connected, you can start backing up EC2 and Lightsail instances.

You can only configure one region at a time. To back up in more than one region, add a second account and select a different region.

Connect a Google Cloud Platform Account

To connect your GCP account to SnapShooter, we use GCP IAM to grant permissions to a service account that SnapShooter can use.

Create a Service Account

First, log into Google Cloud Platform and navigate to the correct project.

In the left menu, click IAM & Admin. Then, in the menu that opens, click Service Accounts. At the top of the page, click +Create Service Account.

In the Service account details page that opens, give the account a name, ID, and a description, then click Create.

On the next page, in Service account permissions, in the Role field, select Compute Admin. Accept the defaults for the remaining options to finish creating the account.

This returns you to the list of service accounts. Open the Actions menu to the right of the service account, then click Create key. Choose JSON, which downloads a file with the service account JSON. Copy the contents of the file.

Finally, from the SnapShooter app, in the left menu under Snapshots, click + Connect Provider. Click Google Cloud Platform.

This takes you to the Connect New Account page for GCP. Enter the account name and zone, then paste the JSON into the Service Account JSON field. Click Connect GCP Account.

Once the account is connected, you can back up GCP servers.

Connect a Hetzner Account

To connect your Hetzner Account to SnapShooter, we use a token generated in your Hetzner account. This grants us read and write access to list instances, as well as create and delete snapshots. We only delete snapshots created by SnapShooter.

Note
You can only connect a Hetzner account to a single SnapShooter account. If you add the same Hetzner account to a second SnapShooter account, the second account will not import servers. You can add any number of Hetzner accounts to your SnapsShooter account.

First, log into your Hetzner account. Open your project workspace, then click the key in the left menu. From here, click API Tokens in the top menu, then click the red Generate API Token button in the top right.

In the window that opens, enter a name for the token (like “SnapShooter”) in the Description box, then click Generate API Token.

The page shows an API token was added confirmation message and displays the token. Copy the token.

From the SnapShooter app, in the left menu under Snapshots, click + Connect Provider.

Under Snapshots, click Hetzner to go to the Connect New Account page. Enter your credentials, which are the account name and the secret access key (token), then click Connect Hetzner Account.

Once the account is connected, you can back up Hetzner servers.

Connect an Exoscale Account

Connect a Vultr Account

To connect your Vultr account to SnapShooter, log in to your Vultr account. In the left menu, click Account to go to Account Settings.

In the top menu, click API to go to the API page. In the Personal Access Token section, copy the generated API key.

Next, in the Access Control section, allow SnapShooter’s IP addresses.

From the SnapShooter app, in the left menu under Snapshots, click + Connect Provider.

Under Snapshots, click Vultr to go to the Connect New Account page. Enter your credentials, which are the account name and the API key (token), then click Connect Vultr Account.

Once your account is connected to SnapShooter, you can begin setting up backups.

Use SnapShooter to manage daily or hourly native backups for servers from other supported cloud providers, like Amazon, Exoscale, and Hetzner.