How To Take A Backup In AWS Using API
Hello Everyone
Welcome to CloudAffaire and this is Debjeet.
If you work with AWS, you may need to back up your data. You can use the AWS Backup service to back up supported services through the UI or the API. AWS Backup currently supports Aurora, RDS, DynamoDB, EC2, EBS, EFS, FSx and Storage Gateway. In the last blog post, we discussed the key concepts of the AWS Backup service.
https://cloudaffaire.com/key-concepts-of-aws-backup-service/
In today’s blog post, we will discuss how to take a backup in AWS using the API. We will use the AWS CLI for the Backup service to take a backup of an EC2 instance. You can use the same process to take backups of other supported services.
Prerequisites:
- AWS CLI installed and configured with proper access. Use the links below to install and configure the AWS CLI.
https://cloudaffaire.com/how-to-install-aws-cli/
https://cloudaffaire.com/how-to-configure-aws-cli/
- jq installed. The commands below use it to parse the JSON output of the AWS CLI.
Step 1: Create an IAM role for AWS backup service.
```bash
## Create assume role policy definition
cat <<'EOF' > backup_assume_role_policy.json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
        "Service": "backup.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
EOF

## Create IAM role
aws iam create-role \
  --role-name backup_iam_role \
  --assume-role-policy-document file://backup_assume_role_policy.json

## Add the AWS managed backup and restore policies to the role
aws iam attach-role-policy \
  --role-name backup_iam_role \
  --policy-arn arn:aws:iam::aws:policy/service-role/AWSBackupServiceRolePolicyForBackup &&
aws iam attach-role-policy \
  --role-name backup_iam_role \
  --policy-arn arn:aws:iam::aws:policy/service-role/AWSBackupServiceRolePolicyForRestores

## Get the role ARN
ACCOUNT_ID=$(aws sts get-caller-identity | jq -r '.Account') &&
IAM_ROLE_ARN="arn:aws:iam::${ACCOUNT_ID}:role/backup_iam_role" &&
echo "$IAM_ROLE_ARN"
```
Step 2: Create a backup of an EC2 instance.
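```bash
## Create a backup
## Replace the <...> placeholders with the region, account ID and instance ID of your EC2 instance
aws backup start-backup-job \
  --backup-vault-name Default \
  --resource-arn "arn:aws:ec2:<region>:<account_id>:instance/<instance_id>" \
  --iam-role-arn "$IAM_ROLE_ARN" \
  --start-window-minutes 60 \
  --complete-window-minutes 120
```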
Note: We are using the “Default” backup vault to take the backup. The Backup service always comes with a default backup vault.
Note: We are using EC2 as an example for this demo, but you can replace the EC2 instance ARN with any supported resource ARN to take a backup of that resource.
Warning: There is additional cost associated with AWS Backup. Please refer to the AWS Backup pricing document for details.
Step 3: Get the backup job status.
```bash
## List backup jobs
aws backup list-backup-jobs

## Get details on the backup job
BACKUP_JOB_ID=$(aws backup list-backup-jobs | jq -r '.BackupJobs[0].BackupJobId') &&
aws backup describe-backup-job \
  --backup-job-id "$BACKUP_JOB_ID"
```
Note: It may take some time for your backup to complete, depending on the EC2 instance size and load. Check the “State” field in the output of the last command. If “State” is “COMPLETED”, your backup job completed successfully.
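The status check described in the note above can be automated. The following is an added example, not part of the original post: a polling helper that reports success only for COMPLETED and treats every other terminal state as a failure. The function names and the POLL_SECONDS and MAX_POLLS variables are assumptions chosen for illustration.

```bash
# Added example (not from the original post).
# POLL_SECONDS and MAX_POLLS are assumed tunables, not AWS settings.
POLL_SECONDS="${POLL_SECONDS:-30}"
MAX_POLLS="${MAX_POLLS:-240}"

# Map a backup job State to: 0 = succeeded, 1 = failed, 2 = still in progress.
classify_backup_state() {
  case "$1" in
    COMPLETED) return 0 ;;
    # PARTIAL is treated as a failure here so an incomplete backup is never trusted
    FAILED|ABORTED|EXPIRED|PARTIAL) return 1 ;;
    CREATED|PENDING|RUNNING|ABORTING) return 2 ;;
    *) return 1 ;;  # unknown or empty state: fail closed
  esac
}

# Poll describe-backup-job until the job reaches a terminal state.
# Prints the final state; returns 0 only when the job is COMPLETED.
# Usage: wait_for_backup_job "$BACKUP_JOB_ID"
wait_for_backup_job() {
  local job_id="$1"
  local state rc
  local i=0
  while [ "$i" -lt "$MAX_POLLS" ]; do
    state=$(aws backup describe-backup-job \
      --backup-job-id "$job_id" \
      --query State --output text) || { echo "API_ERROR"; return 1; }
    rc=0
    classify_backup_state "$state" || rc=$?
    if [ "$rc" -ne 2 ]; then
      echo "$state"
      return "$rc"
    fi
    sleep "$POLL_SECONDS"
    i=$((i + 1))
  done
  echo "TIMEOUT"
  return 1
}
```

Gate any later step that depends on the backup (for example deleting or changing the source instance) on a zero return code from `wait_for_backup_job`.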
Step 4: Get details on the backup.
```bash
## List protected resources
aws backup list-protected-resources

## Get protected resource details
PROTECTED_RESOURCE_ARN=$(aws backup list-protected-resources | jq -r '.Results[0].ResourceArn') &&
aws backup describe-protected-resource \
  --resource-arn "$PROTECTED_RESOURCE_ARN"

## Get backup vault details
aws backup describe-backup-vault \
  --backup-vault-name Default

## List recovery points by resource
aws backup list-recovery-points-by-resource \
  --resource-arn "$PROTECTED_RESOURCE_ARN"

## List recovery points by backup vault
aws backup list-recovery-points-by-backup-vault \
  --backup-vault-name Default \
  --by-resource-arn "$PROTECTED_RESOURCE_ARN"

## Get recovery point details
RECOVERY_POINT_ARN=$(aws backup list-recovery-points-by-resource \
  --resource-arn "$PROTECTED_RESOURCE_ARN" | jq -r '.RecoveryPoints[0].RecoveryPointArn') &&
aws backup describe-recovery-point \
  --backup-vault-name Default \
  --recovery-point-arn "$RECOVERY_POINT_ARN"
```
Congratulations, you have successfully created a recovery point (backup) of your EC2 instance which you can restore. To reduce the cost, we are going to delete the backup next.
Step 5: Delete the recovery point.
```bash
## Delete the recovery point
aws backup delete-recovery-point \
  --backup-vault-name Default \
  --recovery-point-arn "$RECOVERY_POINT_ARN"
```
Hope you have enjoyed this article. To learn more about AWS Backup, please refer to the official documentation below.
https://docs.aws.amazon.com/aws-backup/index.html