My backup strategy for my Bitnami WordPress Multisite has been to enable hourly snapshots in the Bitnami EC2 console. Now that I have created a WordPress Multisite farm on my server this is no longer sufficient. The reason is that I need the ability to restore (and hence backup) individual websites and the server now hosts many websites.
I have installed the WPMUDev Snapshot plug-in. This allows me to backup individual sites to an offsite destination and in keeping with the rest of my architecture I have chosen to store my backups on Amazon S3.
To read and write from Amazon S3 you use an API key. It is best practice to avoid using a your own (high privilege) key and create an IAM User for your web application with narrower permissions. Confusingly you cannot grant permissions to IAM users to access a bucket in the S3 console. You have to create a policy to give the user access and this is easiest to do in the IAM console. This is very different from normal Windows or Linux permissions because you cannot simply inspect the Access Control List for a bucket to see who has access.
In AWS IAM management console, select the user and then select a model policy. This model policy can be used to verify access from the plug-in and then tightened up.