Immich S3 Backup Guide 

Prerequisites

AWS CLI Setup:

• Install AWS CLI if not already installed

sudo apt updateCopy
sudo apt install awscliCopy

• Configure AWS CLI with your credentials

aws configureCopy

Enter your AWS Access Key ID, Secret Access Key, region (e.g., ap-south-1), and output format (e.g., json).

S3 Bucket Setup:

• Create an S3 bucket via AWS Management Console or CLI

aws s3 mb s3://immich-backups-aditya --region ap-south-1Copy

• Enable versioning to protect against accidental overwrites

aws s3api put-bucket-versioning --bucket immich-backups-aditya --versioning-configuration Status=EnabledCopy

Automate Backups with a Cron Job

1. Create a Backup Script:

nano /home/ubuntu/immich-app/backup_to_s3.shCopy

Add the following content:

Copy All#!/bin/bash

# =====================================================
# Immich Backup Script
# Author: Aditya Tawade
# Description: Automates Immich PostgreSQL + data backup to S3
# =====================================================

# Configuration
S3_BUCKET="s3://immich-backups-aditya"
DB_BACKUP_DIR="Daily_Database_Backup"
BACKUP_DATE=$(date +%Y%m%d)
LOG_FILE="/var/log/immich_backup.log"

# Function to log messages with timestamp
log() {
  echo "[$(date '+%Y-%m-%d %H:%M:%S')] $1" >> "$LOG_FILE"
}

log "========== Starting Immich Backup: $BACKUP_DATE =========="

# =====================================================
# 1. Database Backup (Stream directly to S3)
# =====================================================
log "Starting database backup"
if ! docker exec -t immich_postgres pg_dumpall --clean --if-exists --username=postgres | gzip | aws s3 cp - $S3_BUCKET/$DB_BACKUP_DIR/immich_db_${BACKUP_DATE}.sql.gz --storage-class STANDARD_IA; then
  log "ERROR: Database backup failed"
  exit 1
fi
log "Database backup completed: immich_db_${BACKUP_DATE}.sql.gz"

# =====================================================
# 2. Application Data Backup (Sync key folders to S3)
# =====================================================
for dir in library encoded-video thumbs upload profile; do
  log "Syncing directory: $dir"
  if ! aws s3 sync /mnt/immich_data/upload/$dir $S3_BUCKET/$dir/ --storage-class STANDARD_IA; then
    log "ERROR: Sync of $dir failed"
    exit 1
  fi
  log "Sync of $dir completed"
done

# =====================================================
# 3. Full Mirror Sync for /upload/backups (Deletes remote files not present locally)
# =====================================================
log "Performing full sync of /upload/backups — deleting files in S3 not present on server"
if ! aws s3 sync /mnt/immich_data/upload/backups $S3_BUCKET/backups/ --delete --storage-class STANDARD_IA; then
  log "ERROR: Full sync of /upload/backups failed"
  exit 1
fi
log "Full sync of /upload/backups completed — remote deletions applied"

# =====================================================
# 4. Cleanup Old Database Backups (Keep only the latest 20)
# =====================================================
log "Checking for old database backups to delete"
aws s3 ls $S3_BUCKET/$DB_BACKUP_DIR/ | grep "immich_db_.*.sql.gz" | sort -r | tail -n +21 | while read -r line; do
  file=$(echo "$line" | awk '{print $4}')
  if aws s3 rm $S3_BUCKET/$DB_BACKUP_DIR/$file; then
    log "Deleted old backup: $file"
  else
    log "ERROR: Failed to delete: $file"
  fi
done
log "Cleanup of old backups completed"

log "========== Immich Backup Completed Successfully =========="

2. Make the Script Executable:

chmod +x /home/ubuntu/immich-app/backup_to_s3.shCopy

3. Schedule Daily Backup:

Schedule the script to run daily at 3 AM:

crontab -eCopy

Add the following line:

0 3 * * * /home/ubuntu/immich-app/backup_to_s3.shCopy

Clean Up Old Backups (Optional)

Set an S3 lifecycle policy to manage older backups:

• Go to S3 > immich-backups-aditya > Management > Lifecycle rules > Create rule

• Example: Transition to DEEP_ARCHIVE after 30 days, expire after 365 days

Important Notes

• Regularly verify backups by checking the S3 bucket contents

• Ensure AWS CLI credentials have appropriate permissions for S3 operations

• Monitor the backup script logs for errors if automated via cron

• Adjust the lifecycle policy based on your retention needs to optimize costs

This setup ensures your Immich server data is securely backed up to S3 with optional automation and cost-effective storage management.