Contact UsTry it for free
© 2026 Direct Cursus Technology L.L.C.

Backing up to Yandex Object Storage with rclone

Written by
Updated at January 29, 2026

In this tutorial, you will set up backup of local files to Yandex Object Storage using rclone.

Rclone is a versatile command-line tool for managing files in S3 cloud storage, including Object Storage. You can use it to copy and synchronize files between your local machine and a bucket.

Features of rclone:

  • Connects directly to the S3 API so you do not need to mount a bucket.
  • Supported on Linux, Windows, and macOS.
  • Supports copy, sync, filtering, checks, and automation with scripts.
  • Easy setup and integration with task schedulers.

To set up backup with rclone:

  1. Get your cloud ready.
  2. Create a bucket.
  3. Create a service account.
  4. Create a static access key.
  5. Set up your environment.
  6. Synchronize the local folder with the bucket.

If you no longer need the resources you created, delete them.

Getting started

Sign up for Yandex Cloud and create a billing account:

  1. Navigate to the management console and log in to Yandex Cloud or create a new account.
  2. On the Yandex Cloud Billing page, make sure you have a billing account linked and it has the ACTIVE or TRIAL_ACTIVE status. If you do not have a billing account, create one and link a cloud to it.

If you have an active billing account, you can navigate to the cloud page to create or select a folder for your infrastructure.

Learn more about clouds and folders here.

The bucket support cost includes the fee for bucket data storage and data operations (see Yandex Object Storage pricing).

Create a bucket

Note

To protect your backups from accidental file deletion, enable S3 bucket versioning. This way, deleted or overwritten files will be saved as previous versions you can restore if needed. For more information about S3 bucket versioning, see this guide.

Without versioning, you will not be able to restore files deleted from S3, even if previously copied.

  1. In the management console, navigate to the relevant folder.
  2. Select Object Storage.
  3. Click Create bucket.
  4. Enter a name for the bucket according to the naming requirements.
  5. In the Read objects, Read object list, and Read settings fields, select With authorization.
  6. Click Create bucket.

  1. If you do not have the AWS CLI yet, install and configure it.

  2. Create a bucket by entering its name following the naming requirements:

    aws --endpoint-url=https://storage.yandexcloud.net \
  s3 mb s3://<bucket_name>

    Result:

    make_bucket: backup-bucket

Use the create REST API method for the Bucket resource, the BucketService/Create gRPC API call, or the create S3 API method.

Create a service account

Create a service account to be used for backups.

  1. In the management console, select Identity and Access Management.
  2. Click Create service account.
  3. In the Name field, specify sa-backup-to-s3.
  4. Click Add role and select the storage.editor role.
  5. Click Create.

If you do not have the Yandex Cloud CLI installed yet, install and initialize it.

By default, the CLI uses the folder specified when creating the profile. To change the default folder, use the yc config set folder-id <folder_ID> command. You can also set a different folder for any specific command using the --folder-name or --folder-id parameter.

  1. Create a service account:

    yc iam service-account create --name sa-backup-to-s3 \
  --folder-name <folder_name>

    Result:

    id: ajeab0cnib1p********
folder_id: b0g12ga82bcv********
created_at: "2025-10-03T09:44:35.989446Z"
name: sa-backup-to-s3

  2. Assign the storage.editor role for the folder to the service account:

    yc resource-manager folder add-access-binding <folder_name> \
  --service-account-name sa-backup-to-s3 \
  --role storage.editor \
  --folder-name <folder_name>

    Result:

    effective_deltas:
  - action: ADD
    access_binding:
      role_id: storage.editor
      subject:
        id: ajeab0cnib1p********
        type: serviceAccount
  1. Create a service account named sa-backup-to-s3. Do it by using the create REST API method for the ServiceAccount resource or the ServiceAccountService/Create gRPC API call.
  2. Assign the storage.editor role for the current folder to the the service account. Do it by using the setAccessBindings REST API method for the Folder resource or the FolderService/SetAccessBindings gRPC API call.

Note

To work with objects in an encrypted bucket, a user or service account must have the following roles for the encryption key in addition to the storage.configurer role:

  • kms.keys.encrypter: To read the key, encrypt and upload objects.
  • kms.keys.decrypter: To read the key, decrypt and download objects.
  • kms.keys.encrypterDecrypter: This role includes the kms.keys.encrypter and kms.keys.decrypter permissions.

For more information, see Yandex Key Management Service service roles.

Create a static access key

  1. In the management console, select Identity and Access Management.

  2. In the left-hand panel, select Service accounts.

  3. Select the sa-backup-to-s3 service account.

  4. In the top panel, click Create new key and select Create static access key.

  5. Enter a description for the key and click Create.

  6. Save the ID and secret key for later when you are mounting the bucket.

    Alert

    After you close this dialog, the key value will no longer be available.

  1. Run this command:

    yc iam access-key create \
  --service-account-name sa-backup-to-s3

    Where --service-account-name is the name of the service account you are creating the key for.

    Result:

    access_key:
  id: aje726ab18go********
  service_account_id: ajecikmc374i********
  created_at: "2024-11-28T14:16:44.936656476Z"
  key_id: YCAJEOmgIxyYa54LY********
secret: YCMiEYFqczmjJQ2XCHMOenrp1s1-yva1********

  2. Save the ID (key_id) and secret key (secret) for later when you are mounting the bucket.

To create an access key, use the create REST API method for the AccessKey resource or the AccessKeyService/Create gRPC API call.

Save the ID (key_id) and secret key (secret) for later when you are mounting the bucket.

Set up your environment

Install rclone

  1. Install the latest version of rclone using the following command:

    sudo -v ; curl https://rclone.org/install.sh | sudo bash

    Result:

    ...
rclone v1.71.1 has successfully installed.
Now run "rclone config" for setup. Check https://rclone.org/docs/ for more details.

    For more information about the command, see this rclone guide.

  2. Make sure rclone is installed:

    rclone version

    Result:

    rclone v1.71.1
- os/version: ubuntu 24.04 (64 bit)
- os/kernel: 6.14.0-29-generic (x86_64)
- os/type: linux
- os/arch: amd64
- go/version: go1.25.1
- go/linking: static
- go/tags: none

  1. Download the rclone archive from the vendor website and unpack it to a local folder.

  2. Add the folder to the PATH variable to make the utility CLI-accessible from anywhere. To do this:

    1. Click Start and type Change system environment variables in the Windows search bar.
    2. Click Environment variables... at the bottom right.
    3. In the window that opens, find the PATH parameter and click Edit.
    4. Add your folder path to the list.
    5. Click OK.

  3. Make sure rclone is installed:

    rclone version

    Result:

    rclone v1.71.1
- os/version: Microsoft Windows 10 Pro 22H2 22H2 (64 bit)
- os/kernel: 10.0.19045.4046 (x86_64)
- os/type: windows
- os/arch: amd64
- go/version: go1.25.1
- go/linking: static
- go/tags: cmount

Set up a connection to Object Storage

  1. Run a configuration session for rclone using this command:

    rclone config

  2. Follow the prompts to create a new connection profile:

    1. Start creating a new profile by entering n in the terminal.
    2. Enter a connection name, e.g., yandex-s3.
    3. Select the storage type by entering 4 (Amazon S3 Compliant Storage) in the terminal.
    4. Select the provider by entering 1 (Amazon Web Services S3) in the terminal.
    5. Select manual entry of credentials by typing 1 in the terminal.
    6. In the terminal, enter the secret key ID you got previously.
    7. In the terminal, enter the secret key value you got previously.
    8. Specify the region by entering ru-central1 in the terminal.
    9. Specify the endpoint by entering storage.yandexcloud.net in the terminal.
    10. You can leave all other settings at their defaults by pressing Enter to skip them; at the last item, select q (Quit config).

    Note

    You can perform advanced connection setup if required. To do this, type y at the Edit advanced config? step. For more information about advanced settings, see this rclone guide.

    Also, you can configure connections by manually editing the rclone.conf configuration file. To get the configuration file location, run this command:

    rclone config file

  3. Check your connection to the bucket by running this command:

    rclone ls <connection_name>:<bucket_name>

    If your configuration is correct, in your terminal, you will see a list of objects in the bucket.

Synchronize the local folder with the bucket

To complete the backup setup, configure manual or automatic synchronization of the local folder with the bucket.

Note

Files deleted from your local folder will also be deleted from the bucket. If you do not want to delete files from the bucket when they are deleted from the local folder, run the copy command instead of sync.

Manual synchronization

For a one-off synchronization, run this command:

rclone sync <local_folder_path> <connection_name>:<bucket_name>

Where sync creates an exact copy, including deletion of files from the bucket when they are deleted from the local folder. To copy files without deletion, use the copy command.

For a one-off synchronization, run this command:

rclone sync <local_folder_path> <connection_name>:<bucket_name>

Where sync creates an exact copy, including deletion of files from the bucket when they are deleted from the local folder. To copy files without deletion, use the copy command.

Tip

To avoid running the command manually each time, you can create a BAT file:

  1. Open Notepad and add the following contents:

    @echo off
rclone sync <local_folder_path> <connection_name>:<bucket_name>

    Where sync creates an exact copy, including deletion of files from the bucket when they are deleted from the local folder. To copy files without deletion, use the copy command.

  2. Save the file, e.g., as sync_to_s3.bat.

  3. To synchronize folders, run the BAT file.

Automatic synchronization

To automatically synchronize your local folder with the bucket:

  1. Make sure the user who will schedule the cron job has access to the local folder.

  2. Open the current user's scheduler file by running this command:

    crontab -e

  3. Add a line to the file to trigger autosync, e.g., every 10 minutes:

    */10 * * * * rclone sync <local_folder_path> <connection_name>:<bucket_name> --log-file=<log_file_path>

    Where:

    • sync: Command for an exact copy, including deletion of files from the bucket when they are deleted from the local folder. To copy files without deletion, use the copy command.
    • --log-file: Optional parameter for writing logs. Specify the full path.

    Note

    Specify the full absolute path to folders without using ~, e.g., /home/user/.

The job will run at the specified frequency and synchronize the folders.

For auto sync, set up a task in the Task scheduler:

  1. Open the Windows Task Scheduler:

    • Start MenuTask Scheduler.
    • Or start it in Runtaskschd.msc.

  2. Click Create task....

  3. In the Actions tab, add a new action by specifying the absolute path to the executable script, e.g., a BAT file, under Program or script.

  4. In the Triggers tab, add a schedule.

  5. Click OK.

How to delete the resources you created

To stop paying for the resources you created:

  1. Delete the objects from the bucket.
  2. Delete the bucket.
Previous
Backing up to Object Storage with AWS S3 Sync
Next
Backing up to Object Storage with GeeseFS