This project contains all the steps and files to do the following:
- Create scheduled Snapshot on AWS
- Delete outdated Snapshot on AWS
It is suggested that you use an IAM user account with IAM Full Access and CloudWatch access. You will need permissions to create and list roles and policies, create CloudWatch rules, and so on, so it would be great to have Full Access for IAM and CloudWatch.
You can create the new role with either the Management Console or the AWS CLI. The policy is the same in both cases.
- Go to "IAM" in Management Console on AWS Website
- Go to "Roles"
- Click "Create new role"
- Select "AWS Lambda" in role type
- Press "Next" to skip "Attach Policy" section, we will come back to set it later
- Name the role "ebs-backup-worker"
- Click "Create Role"
- On the menu on the left hand side, click "Policies".
- Click "Create Policy"
- Select "Create Your Own Policy"
- Set "Policy Name" as "TakeSnapshots"
- Copy the contents of the snapshot-policy.json file into "Policy Document"
- Click "Create Policy"
- Go back to the "Roles" section, select "ebs-backup-worker", click "Attach Policy"
- Select "TakeSnapshots"
- Install AWS CLI and login as your IAM User
- Clone this repo to your local computer
- cd into the directory
- Run the following command on terminal to create a new role
aws iam create-role --role-name ebs-backup-worker --assume-role-policy-document file://snapshot-trust.json
- Run the following command on terminal to attach the policy to the newly created role
aws iam put-role-policy --role-name ebs-backup-worker --policy-name TakeSnapshots --policy-document file://snapshot-policy.json
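An added example, not part of this repository: before attaching a policy document to the role, a short Python check can flag grants broader than a snapshot worker needs. The expected action list, the `audit_policy` function and the sample policy are assumptions made for illustration; the contents of snapshot-policy.json are not shown on this page.

```python
import json

# Actions a snapshot create/delete worker plausibly needs. This set is an
# assumption for the example, not the contents of the repo's snapshot-policy.json.
EXPECTED_ACTIONS = {
    "ec2:describeinstances", "ec2:describevolumes", "ec2:describesnapshots",
    "ec2:createsnapshot", "ec2:deletesnapshot", "ec2:createtags",
    "logs:createloggroup", "logs:createlogstream", "logs:putlogevents",
}

def _as_list(value):
    """Action/Resource may be a string or a list in IAM JSON; normalise."""
    return [value] if isinstance(value, str) else list(value or [])

def audit_policy(policy_json, expected=EXPECTED_ACTIONS):
    """Return (statement_index, item, reason) for overly broad Allow grants."""
    statements = json.loads(policy_json).get("Statement", [])
    if isinstance(statements, dict):  # a lone statement may be a bare object
        statements = [statements]
    findings = []
    for i, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:
            findings.append((i, "NotAction", "allows every action not listed"))
        for action in _as_list(stmt.get("Action")):
            if "*" in action or "?" in action:
                findings.append((i, action, "wildcard action"))
            elif action.lower() not in expected:  # action names are case-insensitive
                findings.append((i, action, "outside expected set"))
            elif (action.lower() == "ec2:deletesnapshot" and "Condition" not in stmt
                  and "*" in _as_list(stmt.get("Resource"))):
                findings.append((i, action, "unconditioned delete on all snapshots"))
    return findings

# Constructed sample policy, for illustration only.
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["logs:*"], "Resource": "arn:aws:logs:*:*:*"},
        {"Effect": "Allow", "Action": ["ec2:CreateSnapshot", "ec2:CreateTags",
                                       "iam:PassRole"], "Resource": "*"},
        {"Effect": "Allow", "Action": "ec2:DeleteSnapshot", "Resource": "*"},
    ],
})

if __name__ == "__main__":
    for finding in audit_policy(SAMPLE_POLICY):
        print(finding)
```

An empty result means every Allow statement stays within the expected set; any finding is a prompt to narrow the statement before the role is used by the Lambda functions.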
We will create 2 Lambda functions on Management Console
- Go to Lambda function on AWS Management Console Website
- Click "Create a Lambda function"
- Select "Blank Function"
- Click "Next" on the "Configure triggers" page
- Name the function as "createSnapshot"
- Select "Python 2.7" as "Runtime"
- Copy the code from the file schedule-ebs-snapshot-backups.py
- Edit line 32 in schedule-ebs-snapshot-backups.py if you want to change the expiry date (default 14 days)
- In the "Lambda function handler and role" section, confirm "Handler" is "lambda_function.lambda_handler", "Role" = "Choose an existing role", and select "ebs-backup-worker" for "Existing role"
- Click "Next" and then "Create function"
- Go back to AWS Lambda
- Click "Create a Lambda function"
- Select "Blank Function"
- Click "Next" on the "Configure triggers" page
- Name the function as "deleteSnapshot"
- Select "Python 2.7" as "Runtime"
- Copy the code from the file ebs-snapshot-janitor.py
- In the "Lambda function handler and role" section, confirm "Handler" is "lambda_function.lambda_handler", "Role" = "Choose an existing role", and select "ebs-backup-worker" for "Existing role"
- Click "Next" and then "Create function"
We will need to create CloudWatch Rules to trigger our functions
- Go to CloudWatch, select "Rules" on the left menu
- Click "Create rule"
- Select "Schedule"
- You may set the rate with "Fixed rate of X Days". In my example, I set "Cron expression" to "0 0 ? * 1 *", which means "UTC 00:00 every Sunday", for creating snapshots
- Click "Add targets" on the right hand side
- Select "Lambda function"
- Select "createSnapshot" for "Function"
- Click "Configure Details"
- Name the rule as "createSnapshotRule"
- Click "Create Rule"
- Once again, click "Create rule" in the "Rules" section
- Select "Schedule"
- Set "fixed rate of 1 day"
- Click "Add targets" on the right hand side
- Select "Lambda function"
- Select "deleteSnapshot" for "Function"
- Click "Configure Details"
- Name the rule as "deleteSnapshotRule"
- Click "Create Rule"
The last thing we need to do is indicate the target instances.
This is done by adding a tag to the target instances in the EC2 console.
- Go to EC2 console
- Select "Instances" on the left menu
- Select the target instances
- In the section at the bottom of the screen, select "Tags"
- Click "Add/Edit Tags"
- Add a key "Backup" with value "True"
- Save
We are done with all the setup at this point. You can go back to Lambda, test running createSnapshot, and check that everything is working!