How to create automatic backups (snapshots) of an EC2 instance in AWS using CloudWatch


Last updated on June 22nd 2020 - Listed in AWS Cloud Backup


Setting up an EC2 instance in AWS is easy. But what about backups? How does that even work in the cloud? Or can you even avoid backups because everything in the cloud is stable?

To answer at least the last question: No, not everything is stable in the cloud (as often misleadingly advertised). Instances may crash (due to a software bug or a hardware crash) and may never recover. Never heard of that? Read "AWS EC2 instance unreachable after reboot ([Errno 101])" and see for yourself.

So yes - if you are serious about your setups, you do need to back up your instances. In this article we take a closer look at how to create automatic daily snapshots of an EC2 instance (or more precisely: of the EBS volumes of EC2 instances) using AWS' CloudWatch service.

IAM privileges

To be able to access CloudWatch and create Event Rules, the user needs certain additional IAM privileges. To bundle these together, a group "CloudWatchAdmins" can be created which contains the necessary policies:

Note: The policies starting with "CloudWatch" would suggest they are enough to create Event Rules, but they are not. The additional policies for ResourceGroups are needed (at least resource-groups:ListGroups is required).

Creating an event rule in CloudWatch

With the relevant IAM permissions granted, open the CloudWatch service. In the side navigation, locate and click on "Rules" (under Events). Then click on the blue "Create rule" icon (1).

In the Event Source select "Schedule" (2) and set the interval of this rule. Here a fixed rate of 1 Days was selected (daily interval).

As "Target" the "EC2 CreateSnapshot API call" was chosen (3). This triggers the CreateSnapshot function in the AWS API in the background. The last thing to do is to select the target EBS volume (4). If you're not sure which volume ID you need to select, navigate to AWS' EC2 service, click on the desired EC2 instance and click on the block devices. A popup should show the relevant EBS volume ID:

Once the EBS volume ID has been chosen, a role for this event needs to be chosen. Usually the default (CloudWatch creates a new role) should be sufficient.

Finally, click on the blue icon "Configure details" to continue.

Agreed, "details" is kind of overrated here. In this second step one can only define a name for this event rule and an additional description.

Note: The name field does not support whitespace.

Finally, click on the blue icon "Create rule" to finish.

Validation in EC2 - EBS - Snapshots

Without specific timing given in the rule schedule (in the example above, just a daily interval was defined), the event rule should be triggered immediately. This can be verified in AWS' EC2 service. In the navigation click on Snapshots (under Elastic Block Store):

The pending snapshot task was automatically added by the CloudWatch event (see volume ID).

One day later: Does the schedule work?

24 hours later, EC2 - EBS - Snapshots can be opened once again to verify whether the daily backup was successfully triggered. And yes, it was:

Once again, check the Volume ID to verify. 
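The manual check above can be automated so that a silently failing rule does not go unnoticed. The following is an added example, not part of the original article: it evaluates the JSON output of `aws ec2 describe-snapshots` for one volume and only accepts a recent snapshot in state "completed". The IDs, the sample data, the function names and the 26 hour threshold are assumptions.

```python
import json
from datetime import datetime, timezone

# Constructed sample in the shape returned by
#   aws ec2 describe-snapshots --filters Name=volume-id,Values=<volume-id>
# Volume and snapshot IDs are placeholders, not values from the article.
SAMPLE = json.loads("""
{"Snapshots": [
  {"SnapshotId": "snap-0aaa0000000000001", "VolumeId": "vol-0123456789abcdef0",
   "State": "completed", "StartTime": "2020-06-20T08:00:05.000Z"},
  {"SnapshotId": "snap-0aaa0000000000002", "VolumeId": "vol-0123456789abcdef0",
   "State": "completed", "StartTime": "2020-06-21T08:00:04.000Z"},
  {"SnapshotId": "snap-0aaa0000000000003", "VolumeId": "vol-0123456789abcdef0",
   "State": "error", "StartTime": "2020-06-22T08:00:06.000Z"}
]}
""")

def parse_time(value):
    """Parse the ISO 8601 StartTime; older Python needs 'Z' written as an offset."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def check_snapshots(output, volume_id, now, max_age_hours=26):
    """Return (status, message); only completed snapshots of volume_id count."""
    snaps = [s for s in output.get("Snapshots", []) if s["VolumeId"] == volume_id]
    failed = [s["SnapshotId"] for s in snaps if s["State"] == "error"]
    good = [s for s in snaps if s["State"] == "completed"]
    if not good:
        return "CRITICAL", f"no completed snapshot for {volume_id}"
    newest = max(good, key=lambda s: parse_time(s["StartTime"]))
    hours = (now - parse_time(newest["StartTime"])).total_seconds() / 3600
    if hours > max_age_hours:
        return "CRITICAL", f"{newest['SnapshotId']} is {hours:.0f}h old (limit {max_age_hours}h)"
    if failed:
        return "WARNING", f"{newest['SnapshotId']} is {hours:.0f}h old, failed: {', '.join(failed)}"
    return "OK", f"{newest['SnapshotId']} is {hours:.0f}h old"

if __name__ == "__main__":
    now = datetime(2020, 6, 22, 12, 0, tzinfo=timezone.utc)
    print(check_snapshots(SAMPLE, "vol-0123456789abcdef0", now))
```

In the sample the rule fired on the third day but the snapshot ended in state "error", so the newest usable backup is older than the threshold and the check reports CRITICAL.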

It would have been nice if the description contained the information that CloudWatch event rule XXX-daily-snapshot created that particular snapshot. AWS, if you read this, you know what to do :-).

What about Data Lifecycle Manager?

Updated June 22nd 2020

Yes, there is an easier and more self-explanatory way to create and schedule automatic snapshots of EBS volumes! Read our follow-up article on how to create automatic snapshots (backups) of EC2 storage volumes using Data Lifecycle Manager.

