Where does AWS Lifecycle manager save the snapshot it takes as backup - amazon-web-services

I configured a set of Lifecycle manager Policies to back-up my EC2 instances last week, but I cannot find any relevant snapshots in the EBS snapshots section. Can someone please advise if I should look for the snapshots somewhere else, or if I should review any specific parameters that regard the policy, or if even I should use another method?
Thank you.
Schedule details

Lifecycle manager will create the backup as a regular EBS snapshot. EBS snapshots are stored in S3; however, you do not have access to the snapshot other than through the console/API.
Based on your configuration it will only apply to a tag of Name with the value of Graylog v3.3.2. This will happen once a week at 12:30PM UTC on a Monday.
If the snapshots are not being generated check the following:
Do the target instances have this name and value assigned to them?
Does the execution IAM role have permissions to perform this action? If it has the default permissions then it will be fine to run.

Thank you for the answer, and apologies for this issue. I'm kind of new to AWS, and I managed to solve it.
The issue was simply in the filter applied to the snapshots tab; I wasn't seeing the full name. Bottom line, the policy was working fine after all.

Related

AWS snapshots created without policy

In my AWS snapshots, I see that there are snapshots created without a policy, and I don't know how to disable them.
In my "Lifecycle Manager" I see only one policy, and it creates a snapshot every day and keeps them for 2 weeks.
Those snapshots have description added "Created for policy: policy-0fd537dfc2b885c39 schedule: Daily".
And kept only for 2 weeks, then deleted automatically.
But there are also some snapshots without description, which aren't deleted and kept forever. Their creation date is about 11:45PM (East Europe time).
Snapshot list, with unknown snapshots in red border.
The only policy defined:
Are they created by some automatic volume backup, or how?
I didn't have any cron jobs on the server.
What can I do to disable them? Where to find their configuration?
I appreciate any help :)
Kind regards,
Wojtek
You can use AWS CloudTrail to look for the API events that created the Snapshots. A user identity (eg IAM Role or IAM User) will be associated with those events.
That should help you figure out how/what is creating those snapshots each night at 12:45am.
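The CloudTrail lookup suggested above, as an added example that is not part of the original answer: it groups `CreateSnapshot` events by caller and flags callers that are not the Lifecycle Manager role. The sample events are constructed in the shape `aws cloudtrail lookup-events` returns, and treating `AWSDataLifecycleManagerDefaultRole` as the only expected caller is an assumption.

```python
import json
from collections import defaultdict

def make_event(time, arn, snapshot_id):
    """Build one item in the shape `aws cloudtrail lookup-events` returns."""
    record = {"eventName": "CreateSnapshot", "eventTime": time,
              "userIdentity": {"arn": arn},
              "responseElements": {"snapshotId": snapshot_id} if snapshot_id else None}
    return {"CloudTrailEvent": json.dumps(record)}

# Constructed sample: account ID, ARNs and snapshot IDs are made up.
ACCT = "111122223333"
DLM = f"arn:aws:sts::{ACCT}:assumed-role/AWSDataLifecycleManagerDefaultRole/dlm"
USER = f"arn:aws:iam::{ACCT}:user/legacy-backup"
SAMPLE = {"Events": [
    make_event("2020-07-01T03:00:12Z", DLM, "snap-0aaa"),
    make_event("2020-07-01T20:45:03Z", USER, "snap-0bbb"),
    make_event("2020-07-02T03:00:09Z", DLM, "snap-0ccc"),
    make_event("2020-07-02T20:45:05Z", USER, "snap-0ddd"),
    make_event("2020-07-02T20:46:00Z", USER, None),  # failed call, no snapshot
]}

def role_name(arn):
    """Role name for an assumed-role ARN, else None (IAM user, root, service)."""
    parts = arn.split("/")
    return parts[1] if ":assumed-role/" in arn and len(parts) >= 3 else None

def snapshot_creators(lookup_output, expected_roles):
    """Map each caller ARN to its snapshots and whether the caller is expected."""
    by_caller = defaultdict(list)
    for item in lookup_output.get("Events", []):
        rec = json.loads(item["CloudTrailEvent"])  # the record is a JSON string
        snap = (rec.get("responseElements") or {}).get("snapshotId")
        if rec.get("eventName") != "CreateSnapshot" or not snap:
            continue  # skip other events and failed calls
        arn = rec.get("userIdentity", {}).get("arn", "unknown")
        by_caller[arn].append((rec["eventTime"], snap))
    return {arn: {"expected": role_name(arn) in expected_roles,
                  "snapshots": sorted(snaps)}
            for arn, snaps in by_caller.items()}

def unexpected_callers(report):
    """Caller ARNs that created snapshots without being an expected role."""
    return sorted(arn for arn, info in report.items() if not info["expected"])

if __name__ == "__main__":
    report = snapshot_creators(SAMPLE, {"AWSDataLifecycleManagerDefaultRole"})
    for arn in unexpected_callers(report):
        print(arn, report[arn]["snapshots"])
```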

Regarding Retrieve AWS EC2 Instance as a snapshot

We had an instance where MongoDB was hosted. Now someone deleted the MongoDB data by mistake and we don't have any snapshot policy to retrieve a backup for that account...
In this case, can AWS provide a backup as a snapshot from their data center backup mechanism?
Please let me know, as it's very important for us to work this out.
Unfortunately if you do not see an EBS snapshot in the account, then it does not exist. AWS does not keep extra backups of snapshots separate from its customer accounts.
Under the AWS Shared Responsibility Model, customer data, including backups of that data, are the sole responsibility of the customer.
See https://aws.amazon.com/compliance/shared-responsibility-model/

Linux commandline to share an EC2 snapshot

I would like to set up a batch process as follows on Amazon AWS:
1. take snapshot of volumes tagged "must_backup"
2. share those snapshots with account B
3. make a copy of those snapshots within account B
The purpose of this is to protect the backups in case the first Amazon AWS account gets compromised.
I know how to automate steps 1 & 3, however I cannot find a commandline example on how to perform step 2.
The official documentation https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-modifying-snapshot-permissions.html
does not provide any sample and does not clearly state how to specify the target account on the commandline.
I've double checked the previous solution and it's not ok. Basically "sharing" a snapshot means allowing other accounts to create a volume from that snapshot.
This implies adding a value to the "createVolumePermission" attribute:
aws ec2 modify-snapshot-attribute --snapshot-id snap-<id> --user-ids <user-id-without-hyphens> --attribute createVolumePermission --operation-type add
The operation might take some time (minutes?). After that you'll be able to query the attribute this way:
aws ec2 describe-snapshot-attribute --snapshot-id snap-<id> --attribute createVolumePermission
PS: for the purposes mentioned in the question this is probably not enough, since the 'destination' account will not be able to see any of the tags from the source account; thus it will be impossible to perform a correct backup if the source account shares multiple snapshots with the same size.
Example Commands for aws cli: copy ec2 snapshot
aws ec2 modify-snapshot-attribute --snapshot-id snap-1234567890 --user-ids other-amazon-account-id
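Steps 2 and 3 from the question, as an added example that is not part of the original posts: it shares the snapshot with account B and carries the source tags into B's copy, which addresses the missing-tags problem raised in the PS above. It assumes `ec2_src` and `ec2_dst` are boto3 EC2 clients created with account A and account B credentials respectively; the `source_snapshot` tag name is hypothetical.

```python
import re

def normalize_account_id(raw):
    """Return the bare 12-digit account ID (the console displays it with hyphens)."""
    digits = raw.replace("-", "").strip()
    if not re.fullmatch(r"\d{12}", digits):
        raise ValueError(f"not a 12-digit AWS account ID: {raw!r}")
    return digits

def share_snapshot(ec2_src, snapshot_id, target_account):
    """Step 2, with account A credentials: let account B create volumes from
    (and therefore copy) the snapshot. Returns the tags worth carrying over."""
    ec2_src.modify_snapshot_attribute(
        SnapshotId=snapshot_id,
        Attribute="createVolumePermission",
        OperationType="add",
        UserIds=[normalize_account_id(target_account)],
    )
    snap = ec2_src.describe_snapshots(SnapshotIds=[snapshot_id])["Snapshots"][0]
    # Tag keys starting with "aws:" are reserved and cannot be set by a caller.
    return [t for t in snap.get("Tags", []) if not t["Key"].startswith("aws:")]

def copy_into_backup_account(ec2_dst, snapshot_id, source_region, tags):
    """Step 3, with account B credentials: the copy is owned by account B, so
    deleting or unsharing the original in account A does not remove it."""
    # Hypothetical tag name recording which shared snapshot this copy came from.
    provenance = [{"Key": "source_snapshot", "Value": snapshot_id}]
    resp = ec2_dst.copy_snapshot(
        SourceSnapshotId=snapshot_id,
        SourceRegion=source_region,
        Description=f"cross-account copy of {snapshot_id}",
        TagSpecifications=[{"ResourceType": "snapshot", "Tags": tags + provenance}],
    )
    return resp["SnapshotId"]
```

Snapshots encrypted with the default AWS managed key cannot be shared; those need a customer managed KMS key that account B is allowed to use.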

AWS - Copying snapshot to another region automatically

I am using AWS to launch an EC2 instance. Fortunately I did it without problem.
What I need now is to make a backup of the data.
I think snapshot is a good way to do it. I have been doing some research and I found a good tool to do it automatically (https://github.com/colinbjohnson/aws-missing-tools/tree/master/ec2-automate-backup).
The problem is that I think it is not enough to make snapshots. In my opinion a copy of the last snapshot needs to be in another region, but I don't know how to do it automatically. I have been searching on the internet and only found this:
http://docs.aws.amazon.com/cli/latest/reference/ec2/copy-snapshot.html. The problem is that I don't know the snapshot id (considering it is generated automatically by the first tool I mentioned).
The question is: do you know any tool that can help me with this problem? If not, do you know another approach to get a solution?
It is important to know that the service which is given doesn't need to be up 24 hours.
It is my first time using servers, so I don't know how long a region in Amazon can be down.
You do not need to know a volume ID to use copy-snapshot in the AWS CLI. When executing the command you provide a value to the --source-snapshot-id option. This specifies the ID of the snapshot you want to copy. A snapshot can be copied in the same region or to another region via the --destination-region option.
You can simply call create-snapshot and then copy-snapshot giving it the generated snapshot ID to copy the snapshot to another region. This could be automated via a cron job if necessary.
You can set up a cron job to invoke aws cli which can copy the snapshots to an S3 bucket 'A'. And, cross region bucket replication can be enabled from the source bucket 'A' in region 1 to destination bucket 'B' in region 2. Whenever a snapshot is uploaded to 'A', it'll get replicated to 'B' as well. So, in case the first region goes offline, you can restore volumes from the snapshots in 'B' bucket in region 2.

sharing an Amazon AWS AMI to another account via the console

I'm trying to view an AMI shared from one of my amazon accounts with another amazon account and it's not visible. I've followed all of the instructions here:
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/sharingamis-explicit.html
I've been able to share an EBS Volume successfully, but not the AMI. Are there any undocumented issues or steps anyone has run into which might keep me from viewing the shared AMI?
Alternatively - is there a way to build an AMI from the snapshot?
It's possible that one of your accounts is set to a different region than your other. At least, that's what I just ran into.
AMIs don't cross regions - an AMI created in region A will never show up in any other region. You'll see this if your two accounts are in different regions, or even if you switch regions in one of your accounts.
There are two things you can do:
Just change regions in your target account. The AMI should magically appear - at least, it did for me. Easy, but unsatisfying, if you really like some other region.
In your source account, copy the AMI into the region that you'd like to use it from. Here are the official docs, but it's pretty straightforward. From the console, right-click the AMI, select Copy AMI, choose your region, and press the Copy AMI button. Wait until copied, then set permissions on the newly-generated AMI.
You'll have to wait, but at least you won't have to go through the song-and-dance that you used to.
You need to be in the correct region as well. On the left hand side of the filter below Launch there is a drop-down menu that defaults the AMIs to "Owned by Me". Since you are in the destination account, you need to select "Private Images".
All Amazon AWS AMI's are public and visible to all accounts. Are you talking about an AMI that you (or someone else) explicitly created following these steps:
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/creating-an-ami.html
If so, the instructions for sharing those are here:
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AESDG-chapter-sharingamis.html
(I'm not sure of the difference between your link and this link. They seem... the same)
EBS Snapshots, which are not AMIs, can be shared with other accounts. The instructions for sharing EBS Snapshots with other accounts are here:
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-modifying-snapshot-permissions.html
I don't know of any direct way to create an AMI from a snapshot. I don't think there is one.