What

  • Goal: Back up Android photos/media privately to AWS S3 using FolderSync (Android).
  • Scope: One S3 bucket, one IAM user, FolderSync account (S3-compatible), one folder pair (2‑way sync).
  • Prerequisite: AWS account ready.

Why

  • Own your data: No Big Tech gallery lock-in.
  • Reliability: S3 durability + Intelligent‑Tiering for cost control.
  • Simplicity: No self‑hosted NAS, static IP, RAID, or server maintenance.

How

  • Step 1 — Create S3 bucket (Region: us‑east‑1 recommended)

    • Name: your choice (e.g., mobile-device-bkp).
    • Region: us-east-1 (often lowest cost; change if you need locality).
    • Block Public Access: ON (keep the bucket private).
    • Versioning: optional but recommended for safety.
    • Storage class: add a lifecycle rule to transition objects to Intelligent‑Tiering immediately.

  • Step 2 — Create IAM policy (access only this bucket)

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ListAllBuckets",
      "Effect": "Allow",
      "Action": "s3:ListAllMyBuckets",
      "Resource": "arn:aws:s3:::*"
    },
    {
      "Sid": "FullAccessToSpecificBucket",
      "Effect": "Allow",
      "Action": "s3:*",
      "Resource": [
        "arn:aws:s3:::your-bucket-name",
        "arn:aws:s3:::your-bucket-name/*"
      ]
    }
  ]
}

  • Step 3 — Create IAM user

    • Type: programmatic access only.
    • Attach the policy above.

  • Step 4 — Create access keys

    • Generate Access Key ID + Secret Access Key.
    • Store securely; do not share.

  • Step 5 — Configure FolderSync account (Android)

    • Add account → Type: S3 compatible.
    • Endpoint (S3 URL): https://s3.us-east-1.amazonaws.com
      • Replace us-east-1 with your region if different.
    • Access key: your IAM Access Key ID.
    • Secret: your IAM Secret Access Key.
    • Signature: v4 (default). Test connection.

  • Step 6 — Create a folder pair (2‑way sync)

    • Left (Device): pick the local folder (e.g., DCIM/Camera or your media folder).
    • Right (Remote): your S3 account → select the bucket.
    • Mode: Two‑way (keeps devices in sync via S3). Run first sync.
    • Scheduling: enable periodic sync; set Wi‑Fi only, optional charging‑only.

Notes

  • Multi‑device: Repeat the same setup on other phones; two‑way sync pulls uploads from other devices.
  • Conflicts: Prefer “keep newest” or “skip/rename” based on your preference to avoid duplicates.
  • Costs: S3 charges for storage + requests. Intelligent‑Tiering helps; avoid unnecessary frequent sync intervals.
  • Security: Keep the bucket private. Rotate keys if a device is lost.
  • Endpoint format: Use https://s3.<region>.amazonaws.com (dot, not slash). Example: https://s3.us-east-1.amazonaws.com.