jovehammer16/lambda-schedule-ebs-snapshot-backups

AWS auto Snapshot

This project contains all the steps and files needed to do the following:

  1. Create scheduled snapshots on AWS
  2. Delete outdated snapshots on AWS

Requirement

You are advised to use an IAM User account with IAM Full Access and CloudWatch Access. You will need permissions to create and list roles and policies, create CloudWatch Rules, and so on, so Full Access for IAM and CloudWatch is the convenient choice.

Create New Role and Policy for ebs-backup-worker

You can create the new role with either the Management Console or the AWS CLI. The policy is the same in both cases.

Using the Management Console

  1. Go to "IAM" in Management Console on AWS Website
  2. Go to "Roles"
  3. Click "Create new role"
  4. Select "AWS Lambda" in role type
  5. Press "Next" to skip "Attach Policy" section, we will come back to set it later
  6. Name the role "ebs-backup-worker"
  7. Click "Create Role"
  8. On the menu on the left hand side, click "Policies".
  9. Click "Create Policy"
  10. Select "Create Your Own Policy"
  11. Set "Policy Name" as "TakeSnapshots"
  12. Copy the contents of snapshot-policy.json into "Policy Document"
  13. Click "Create Policy"
  14. Go back to the "Roles" section, select "ebs-backup-worker", click "Attach Policy"
  15. Select "TakeSnapshots"

Using AWS CLI

  1. Install the AWS CLI and log in as your IAM User
  2. Clone this repo to your local computer
  3. cd into the directory
  4. Run the following command on terminal to create a new role:

         aws iam create-role --role-name ebs-backup-worker \
           --assume-role-policy-document file://snapshot-trust.json

  5. Run the following command on terminal to attach the policy to the newly created role:

         aws iam put-role-policy --role-name ebs-backup-worker \
           --policy-name TakeSnapshots \
           --policy-document file://snapshot-policy.json
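
A pre-flight check for the two JSON documents that the steps above attach to ebs-backup-worker, added here as an example and not code from this repository. The sample documents are constructed stand-ins (the repo's files are not shown on this page), and the expected services (ec2, logs) are an assumption about what the two functions need.

```python
import json

# Constructed samples: the repo's snapshot-trust.json and snapshot-policy.json
# are not shown on this page, so these stand in for them and may differ.
SAMPLE_TRUST = json.loads("""{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Principal": {"Service": "lambda.amazonaws.com"},
   "Action": "sts:AssumeRole"}]}""")
SAMPLE_POLICY = json.loads("""{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": ["logs:*"], "Resource": "arn:aws:logs:*:*:*"},
  {"Effect": "Allow", "Action": "ec2:Describe*", "Resource": "*"},
  {"Effect": "Allow", "Resource": "*",
   "Action": ["ec2:CreateSnapshot", "ec2:CreateTags", "ec2:DeleteSnapshot"]}]}""")

# IAM action names are case-insensitive, so compare in lower case.
DESTRUCTIVE = {"ec2:deletesnapshot"}  # the action deleteSnapshot depends on

def as_list(value):
    """IAM accepts either a single string or a list in these fields."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def allows(doc):
    """Return the Allow statements of a policy document."""
    return [s for s in as_list(doc.get("Statement")) if s.get("Effect") == "Allow"]

def audit_trust(doc, expected="lambda.amazonaws.com"):
    """Report every principal other than the Lambda service."""
    findings = []
    for stmt in allows(doc):
        principal = stmt.get("Principal")
        pairs = [("*", "*")] if principal == "*" else [
            (kind, name) for kind, names in (principal or {}).items()
            for name in as_list(names)]
        findings += ["trust: %s %s may assume the role" % p
                     for p in pairs if p != ("Service", expected)]
    return findings

def audit_policy(doc, services=("ec2", "logs")):
    """Report wildcard grants, unexpected services and unscoped deletes."""
    findings = []
    for stmt in allows(doc):
        unscoped = "*" in as_list(stmt.get("Resource")) and "Condition" not in stmt
        for action in as_list(stmt.get("Action")):
            service, _, name = action.lower().partition(":")
            if action == "*" or name == "*":
                findings.append("policy: wildcard grant %s" % action)
            elif service not in services:
                findings.append("policy: unexpected service in %s" % action)
            elif action.lower() in DESTRUCTIVE and unscoped:
                findings.append("policy: %s on every resource, no Condition" % action)
    return findings
```

To check the real files, load each with `json.load` and pass the result to `audit_trust` and `audit_policy` before running the commands in steps 4 and 5.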

Create Lambda functions

We will create two Lambda functions in the Management Console.

  1. Go to Lambda function on AWS Management Console Website
  2. Click "Create a Lambda function"
  3. Select "Blank Function"
  4. Click "Next" on "Configure triggers" page
  5. Name the function as "createSnapshot"
  6. Select "Python 2.7" as "Runtime"
  7. Copy the code from the file schedule-ebs-snapshot-backups.py
  8. Edit line 32 in schedule-ebs-snapshot-backups.py if you want to change expiry date (default 14 days)
  9. In the "Lambda function handler and role" section, confirm "Handler" is "lambda_function.lambda_handler", "Role" = "Choose an existing role", select "ebs-backup-worker" for "Existing role"
  10. Click "Next" and then "Create function"
  11. Go back to AWS Lambda
  12. Click "Create a Lambda function"
  13. Select "Blank Function"
  14. Click "Next" on "Configure triggers" page
  15. Name the function as "deleteSnapshot"
  16. Select "Python 2.7" as "Runtime"
  17. Copy the code from the file ebs-snapshot-janitor.py
  18. In the "Lambda function handler and role" section, confirm "Handler" is "lambda_function.lambda_handler", "Role" = "Choose an existing role", select "ebs-backup-worker" for "Existing role"
  19. Click "Next" and then "Create function"

Create CloudWatch Rules

We need to create CloudWatch Rules to trigger our functions.

  1. Go to CloudWatch, select "Rules" on the left menu
  2. Click "Create rule"
  3. Select "Schedule"
  4. You may set the rate in "Fixed rate of X Days". In my example, I set "Cron expression" to "0 0 ? * 1 *", which means "UTC 00:00 every Sunday", for creating snapshots
  5. Click "Add targets" on the right hand side
  6. Select "Lambda function"
  7. Select "createSnapshot" for "Function"
  8. Click "Configure Details"
  9. Name the rule as "createSnapshotRule"
  10. Click "Create Rule"

Next, repeat the process to create a rule for "deleteSnapshot".

  1. Once again, click "Create rule" in the "Rules" section
  2. Select "Schedule"
  3. Set "fixed rate of 1 day"
  4. Click "Add targets" on the right hand side
  5. Select "Lambda function"
  6. Select "deleteSnapshot" for "Function"
  7. Click "Configure Details"
  8. Name the rule as "deleteSnapshotRule"
  9. Click "Create Rule"

Select target EC2 Instances to Backup

The last thing we need to do is to indicate the target instances.
This is done by adding a tag to the target instances in the EC2 console.

  1. Go to EC2 console
  2. Select "Instances" on the left menu
  3. Select the target instances
  4. In the section at the bottom of the screen, select "Tags"
  5. Click "Add/Edit Tags"
  6. Add a key "Backup" with value "True"
  7. Save

We are done with all setup at this point. You can go back to Lambda, test-run createSnapshot, and check that everything is working!

About

use AWS lambda to auto snapshot volume
