How To Create A Backup Plan In AWS Backup
Hello Everyone
Welcome to CloudAffaire and this is Debjeet.
You can define a recurring backup configuration in AWS Backup using a backup plan. A backup plan contains information such as the resources to be backed up, the backup schedule, the backup vault and the backup lifecycle, which the AWS Backup service uses to take backups automatically. In this blog post, we will discuss how to create a backup plan in AWS Backup using the API.
How To Create A Backup Plan In AWS Backup:
Prerequisites:
- AWS CLI installed and configured with proper access. You can use the links below to install and configure AWS CLI.
https://cloudaffaire.com/how-to-install-aws-cli/
https://cloudaffaire.com/how-to-configure-aws-cli/
Step 1: Create a new backup vault.
```bash
## Create a new backup vault
aws backup create-backup-vault \
  --backup-vault-name myvault
```
Step 2: Get backup template details.
AWS provides some pre-configured templates that you can use to create your backup plan. We will not use these templates to create the backup plan, but viewing them gives you an idea of the backup plan policy syntax.
```bash
## List all available backup plan templates
aws backup list-backup-plan-templates

## Get backup plan template details
SAMPLE_TEMPLATE_ID=$(aws backup list-backup-plan-templates \
  --query 'BackupPlanTemplatesList[?BackupPlanTemplateName == `Daily-35day-Retention`].BackupPlanTemplateId' \
  --output text) &&
aws backup get-backup-plan-from-template \
  --backup-plan-template-id "$SAMPLE_TEMPLATE_ID"
```
Step 3: Create a new backup plan.
```bash
## Create a new backup plan definition
cat << EOF > backup_plan.json
{
  "BackupPlanName": "mybackupplan",
  "Rules": [
    {
      "RuleName": "DailyBackups",
      "TargetBackupVaultName": "myvault",
      "ScheduleExpression": "cron(0 5 ? * * *)",
      "StartWindowMinutes": 60,
      "CompletionWindowMinutes": 1400,
      "CopyActions": [],
      "EnableContinuousBackup": false,
      "Lifecycle": {
        "DeleteAfterDays": 7
      }
    }
  ]
}
EOF

## Create a new backup plan
aws backup create-backup-plan \
  --backup-plan file://backup_plan.json
```
Step 4: Get the backup plan details.
```bash
## List all backup plans
aws backup list-backup-plans

## Get backup plan details
## (takes the first plan in the list; the jq filter is quoted so the shell does not glob "[0]")
BACKUP_PLAN_ID=$(aws backup list-backup-plans | jq -r '.BackupPlansList[0].BackupPlanId') &&
aws backup get-backup-plan \
  --backup-plan-id "$BACKUP_PLAN_ID"
```
Observe that we have not yet defined any resource to be backed up by our backup plan. Next, we will create an IAM role and a resource that can be backed up using the AWS Backup service (an EBS volume for this demo) and include them in our backup plan using a backup selection object.
Step 5: Create an IAM role for AWS backup service.
```bash
## Create assume role policy definition
cat <<'EOF'> backup_assume_role_policy.json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
        "Service": "backup.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
EOF

## Create IAM role
aws iam create-role \
  --role-name backup_iam_role \
  --assume-role-policy-document file://backup_assume_role_policy.json

## Attach the AWS managed backup and restore policies to the role
aws iam attach-role-policy \
  --role-name backup_iam_role \
  --policy-arn arn:aws:iam::aws:policy/service-role/AWSBackupServiceRolePolicyForBackup &&
aws iam attach-role-policy \
  --role-name backup_iam_role \
  --policy-arn arn:aws:iam::aws:policy/service-role/AWSBackupServiceRolePolicyForRestores

## Get the role ARN
ACCOUNT_ID=$(aws sts get-caller-identity | jq -r .Account) &&
IAM_ROLE_ARN=arn:aws:iam::$ACCOUNT_ID:role/backup_iam_role &&
echo "$IAM_ROLE_ARN"
```
Step 6: Create an EBS volume.
```bash
## Create a new ebs volume
EBS_VOL_ID=$(aws ec2 create-volume \
  --volume-type gp2 \
  --availability-zone ap-south-1a \
  --tag-specifications 'ResourceType=volume,Tags=[{Key=Name,Value=myebs},{Key=Backup,Value=Daily}]' \
  --size 1 | jq -r .VolumeId) &&
EBS_VOL_ARN="arn:aws:ec2:ap-south-1:$ACCOUNT_ID:volume/$EBS_VOL_ID" &&
echo "$EBS_VOL_ARN"
```
Step 7: Create a backup selection for your backup plan.
```bash
## Create a backup selection definition
cat << EOF > backup_selection.json
{
  "SelectionName": "mybackupselection",
  "IamRoleArn": "$IAM_ROLE_ARN",
  "Resources": ["$EBS_VOL_ARN"],
  "ListOfTags": [
    {
      "ConditionType": "STRINGEQUALS",
      "ConditionKey": "Backup",
      "ConditionValue": "Daily"
    }
  ]
}
EOF

## Create a backup selection for your backup plan
aws backup create-backup-selection \
  --backup-plan-id "$BACKUP_PLAN_ID" \
  --backup-selection file://backup_selection.json
```
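The heredoc in Step 7 expands `$IAM_ROLE_ARN` and `$EBS_VOL_ARN` from the current shell, so if `ACCOUNT_ID` or `EBS_VOL_ID` came back empty in Steps 5 and 6 the file is still written, just with a broken ARN in it. The following is an added example, not part of the original post: a guard that checks both ARNs before writing the same selection document. The function names and the `sel_*` variables are hypothetical.

```bash
# Added example (not from the original post): validate the ARNs that the
# Step 7 heredoc interpolates before writing backup_selection.json.

# IAM role ARN: 12-digit account ID and a non-empty role name.
is_iam_role_arn() {
  printf '%s\n' "$1" |
    grep -Eq '^arn:aws:iam::[0-9]{12}:role/[A-Za-z0-9+=,.@_/-]+$'
}

# EBS volume ARN: region, 12-digit account ID and a vol-<hex> volume ID.
is_ebs_volume_arn() {
  printf '%s\n' "$1" |
    grep -Eq '^arn:aws:ec2:[a-z0-9-]+:[0-9]{12}:volume/vol-[0-9a-f]+$'
}

# write_backup_selection ROLE_ARN VOLUME_ARN [OUTPUT_FILE]
# Writes the same selection document as Step 7, or fails without creating
# the output file when either ARN is empty or malformed.
write_backup_selection() {
  sel_role=$1; sel_vol=$2; sel_out=${3:-backup_selection.json}
  if ! is_iam_role_arn "$sel_role"; then
    echo "refusing to write $sel_out: bad IamRoleArn '$sel_role'" >&2
    return 1
  fi
  if ! is_ebs_volume_arn "$sel_vol"; then
    echo "refusing to write $sel_out: bad resource ARN '$sel_vol'" >&2
    return 1
  fi
  cat > "$sel_out" << EOF
{
  "SelectionName": "mybackupselection",
  "IamRoleArn": "$sel_role",
  "Resources": ["$sel_vol"],
  "ListOfTags": [
    {
      "ConditionType": "STRINGEQUALS",
      "ConditionKey": "Backup",
      "ConditionValue": "Daily"
    }
  ]
}
EOF
}
```

Call it as `write_backup_selection "$IAM_ROLE_ARN" "$EBS_VOL_ARN"` in place of the heredoc, then run `create-backup-selection` only if it returns success.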
Step 8: Get details on backup selection.
```bash
## List all backup selections available in your backup plan
aws backup list-backup-selections \
  --backup-plan-id "$BACKUP_PLAN_ID"

## Get details on the backup selection
## (the jq filter is quoted so the shell does not glob "[0]")
BACKUP_SELECTION_ID=$(aws backup list-backup-selections \
  --backup-plan-id "$BACKUP_PLAN_ID" | jq -r '.BackupSelectionsList[0].SelectionId') &&
aws backup get-backup-selection \
  --backup-plan-id "$BACKUP_PLAN_ID" \
  --selection-id "$BACKUP_SELECTION_ID"
```
We have successfully created a new backup plan. You can now wait for the next scheduled backup (5 AM UTC every day) to run and confirm that your backup plan is working as expected.
Next, we are going to delete all the resources deployed in this demo.
Step 9: Clean up.
```bash
## Delete the backup selection
aws backup delete-backup-selection \
  --backup-plan-id "$BACKUP_PLAN_ID" \
  --selection-id "$BACKUP_SELECTION_ID"

## Delete the backup plan
aws backup delete-backup-plan \
  --backup-plan-id "$BACKUP_PLAN_ID"

## Delete the ebs volume
aws ec2 delete-volume \
  --volume-id "$EBS_VOL_ID"

## Delete recovery point if any in the vault
## (set RECOVERY_POINT_ARN yourself to the ARN of each recovery point left in the vault;
##  aws backup list-recovery-points-by-backup-vault --backup-vault-name myvault lists them)
aws backup delete-recovery-point \
  --backup-vault-name myvault \
  --recovery-point-arn "$RECOVERY_POINT_ARN"

## Delete the backup vault
aws backup delete-backup-vault \
  --backup-vault-name myvault

## Delete the IAM role
aws iam detach-role-policy \
  --role-name backup_iam_role \
  --policy-arn arn:aws:iam::aws:policy/service-role/AWSBackupServiceRolePolicyForBackup &&
aws iam detach-role-policy \
  --role-name backup_iam_role \
  --policy-arn arn:aws:iam::aws:policy/service-role/AWSBackupServiceRolePolicyForRestores &&
aws iam delete-role \
  --role-name backup_iam_role
```
Hope you have enjoyed this article. To know more about AWS Backup, please refer to the official documentation below.
https://docs.aws.amazon.com/aws-backup/index.html