AWS Backup is a centrally managed service used to back up data of multiple services on AWS like Amazon EBS, Amazon EC2, Amazon RDS, Amazon DynamoDB, Amazon EFS, Amazon FSx, and AWS Storage Gateway. To schedule backups with AWS Backup, the service is granted specific permissions through an IAM role so that it can access the data to be backed up.
AWS Data Lifecycle Manager is an EC2-native service that backs up only EC2 servers on AWS. It can schedule backups daily, weekly, monthly, yearly, or on a custom cron expression. Like AWS Backup, AWS Data Lifecycle Manager also needs an IAM role with specific permissions to access the data to be backed up. In this blog, we will discuss the following ways to back up EC2 instances on AWS.
- Manual backups
- Automated backups
  - Using Data Lifecycle Manager
  - Using AWS Backup
Manual backups
Manual backups are useful when an on-demand backup of your EC2 instance is required at any point in time. To take a manual backup of an EC2 instance, first log into the AWS management console and, from the top right corner of the console, select the region where the EC2 instance is deployed.
After selecting the region, search for the EC2 service from the console.
From the panel on the left side of the EC2 console, click on Instances under the INSTANCES section.
Now select the instance you want to back up and click on the Actions button on the top right corner of the EC2 console. It will display a list of options; select Image and templates, which opens a new list, and click on Create image.
It will open a new page asking for details of the EC2 instance backup. Enter the Image name and check the No reboot box. If it is not checked, the instance will reboot before backing up to ensure data consistency. For this blog, check the No reboot box and click on the Create image button at the bottom right corner of the page, leaving the rest of the settings as default.
It will generate the EC2 instance backup, including an AMI (Amazon Machine Image) and a snapshot for each volume attached to the EC2 instance. From the panel on the left side of the EC2 console, click on the AMIs under the Images section.
It will display all the available AMIs, including the AMI of the EC2 instance you just backed up.
Now click on the Snapshots under the Elastic Block Store section from the panel on the left side of the EC2 console.
Here you can see all the snapshots of the instances you created backups of. A snapshot is a point-in-time copy of the volume attached to the EC2 instance. If an EC2 instance has more than one volume, the backup of that instance will create a snapshot for each volume.
Automated backups
Automated backups are scheduled so that the EC2 instance can be recovered from a disaster at any point in time. AWS provides two different services to schedule automated backups. In this section, we will discuss both of them.
Using Data Lifecycle Manager
Amazon Data Lifecycle Manager is an EC2 native service to automate EC2 backups only. A lifecycle policy is created to automate the backups using the Data Lifecycle Manager, and EC2 backups are scheduled according to the policy. There are 3 different types of lifecycle policies.
- EBS snapshot policy
- EBS-backed AMI policy
- Cross-account copy event policy
To create EC2 backups in this blog, we will discuss the EBS-backed AMI policy only. The EBS-backed AMI policy is used to automatically create an AMI and snapshots of the volumes attached to the EC2 instance, just like a manual backup.
The first step to create automated EC2 instance backups is to tag the EC2 instance. Go to the EC2 instances, select the instance you want to schedule backups for, and click on the Actions button. Select Instance settings > Manage tags from the dropdown list.
Enter key and value and click on the Save button to add the tag.
Now from the EC2 console, select the Lifecycle Manager under the Elastic Block Store section.
Select the EBS-backed AMI policy as the policy type and click on the Next step button to move on.
It will open a form asking for the configuration required to schedule the EC2 backup. Use tags to specify the EC2 instances you want to schedule backups of. Add a description to the data lifecycle policy and move on.
Select the default role as the IAM role; the role will be created automatically if there is none.
Policy status defines whether the policy is enabled or not. If the policy status is set to Not enabled, it will not take the backups of the EC2 instances. Set the policy status to Enabled.
The Instance reboot option, if set to Yes, reboots the instance before taking the backup to ensure data consistency. If set to No, the instance will not shut down, but this could cause data consistency issues. For this demo, set the instance reboot option to No.
Click on the Next button at the bottom right corner of the page, and it will ask for the schedule details. Schedule details define when the lifecycle policy runs and the backup of the specified instances is taken. A total of 4 schedules can be added to the same policy.
Schedule details also include a retention policy that determines when the old EC2 backups are to be deleted. There are 2 types of retention policies: a count-based retention policy and an age-based retention policy. A count-based retention policy keeps a specific number of the latest EC2 instance backups and deletes the rest, while an age-based retention policy deletes all the EC2 instance backups older than the defined age. The retention policy is defined for the first schedule only; all the remaining schedules inherit the same retention policy.
We will add 2 schedules, a daily schedule and a monthly schedule, and a count-based retention policy will be used for this demo. For the daily schedule, select the Daily frequency, starting time, and retention type.
After providing details for daily backup, click on the Add another schedule button at the top right corner to add a monthly schedule. Enter the details for the monthly schedule and enter the number of instances to retain by this policy.
After entering both schedules, click on the Review policy button at the bottom right corner of the page. After reviewing the policy, click on the Create policy button at the bottom right corner of the page. This policy will create the AMIs and the Snapshots of the specified instances on a defined schedule.
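The same lifecycle policy can be written as a Data Lifecycle Manager API request. The following is an added example, not part of the original walkthrough: it builds the request for a daily and a monthly schedule with count-based retention and rejects a policy with more than 4 schedules or mixed retention types. The tag `Backup=true`, the start times, the retention counts, and the role ARN passed to `create_policy` are assumptions.

```python
MAX_SCHEDULES = 4  # per-policy limit stated in this article


def schedule(name, retain_count, *, daily_at=None, cron=None):
    """One schedule with a count-based retention rule (times are UTC)."""
    if (daily_at is None) == (cron is None):
        raise ValueError("give exactly one of daily_at or cron")
    if retain_count < 1:
        raise ValueError("retain_count must be at least 1")
    if cron is not None:
        create_rule = {"CronExpression": cron}
    else:
        create_rule = {"Interval": 24, "IntervalUnit": "HOURS", "Times": [daily_at]}
    return {"Name": name, "CreateRule": create_rule,
            "RetainRule": {"Count": retain_count}}


def ami_policy_details(tag_key, tag_value, schedules, no_reboot=True):
    """PolicyDetails for an EBS-backed AMI policy that targets instances by tag."""
    if not 1 <= len(schedules) <= MAX_SCHEDULES:
        raise ValueError(f"a policy takes 1 to {MAX_SCHEDULES} schedules")
    # One retention type per policy: reject anything that is not count-based.
    if any("Count" not in s["RetainRule"] for s in schedules):
        raise ValueError("all schedules must use count-based retention")
    return {
        "PolicyType": "IMAGE_MANAGEMENT",
        "ResourceTypes": ["INSTANCE"],
        "TargetTags": [{"Key": tag_key, "Value": tag_value}],
        "Schedules": list(schedules),
        "Parameters": {"NoReboot": no_reboot},
    }


def create_policy(dlm, role_arn, details, enabled=True):
    """Submit the policy; dlm is a boto3 client created with boto3.client('dlm')."""
    resp = dlm.create_lifecycle_policy(
        ExecutionRoleArn=role_arn,
        Description="EC2 AMI backups daily and monthly",
        State="ENABLED" if enabled else "DISABLED",
        PolicyDetails=details,
    )
    return resp["PolicyId"]


# Constructed sample values: tag, start times and retention counts are assumptions.
DETAILS = ami_policy_details("Backup", "true", [
    schedule("daily", 7, daily_at="03:00"),
    schedule("monthly", 12, cron="cron(0 4 1 * ? *)"),
])
```

Passing `enabled=False` creates the policy in the Not enabled state described above, so it can be reviewed before it starts taking backups.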
Using AWS Backup
AWS Backup is a centralized backup service provided by AWS for data protection of different AWS services. AWS Backup is a policy-based service and can also be used to schedule EC2 instance backups. In this section of the blog, we will use AWS Backup to schedule the backups of the EC2 instances. First, search for the AWS Backup service from the AWS management console.
From the panel on the left side of the AWS Backup console, select Backup plans.
From the top right corner, click on the Create backup plan button.
From the Start options, select Build a new plan and provide the Plan name.
For the backup rule configuration, provide the backup rule name, backup vault, and backup frequency, and click on the Create plan button at the bottom right corner of the page to create the AWS Backup plan.
After creating the backup plan, click on the backup plan to add resources to it.
Scroll down to the Resource assignments section and click on the Assign resources button.
Enter the resource assignment name, select the Default role as the IAM role, and enter the resource tags to specify the EC2 instance as a resource. Click on the Assign resources button to assign the resources.
After assigning the resource, AWS Backup will start tracking the EC2 instance for backups. The backups taken by the AWS Backup service can be found in the Backup vaults. We selected the default backup vault for this demo, so the backups will be in the default backup vault.
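The plan, the tag-based resource assignment, and the check that backups actually arrive in the vault can also be scripted. This is an added example, not part of the original walkthrough: `backup` is a boto3 client created with `boto3.client('backup')`, and the plan name, rule name, schedule, tag, and role ARN are assumptions.

```python
def backup_plan(plan_name, rule_name, cron, vault="Default"):
    """Backup plan with one rule: name, target vault and frequency."""
    return {"BackupPlanName": plan_name,
            "Rules": [{"RuleName": rule_name,
                       "TargetBackupVaultName": vault,
                       "ScheduleExpression": cron}]}


def tag_selection(name, role_arn, tag_key, tag_value):
    """Resource assignment that selects resources carrying tag_key=tag_value."""
    return {"SelectionName": name, "IamRoleArn": role_arn,
            "ListOfTags": [{"ConditionType": "STRINGEQUALS",
                            "ConditionKey": tag_key,
                            "ConditionValue": tag_value}]}


def create_plan_and_assign(backup, plan, selection):
    """Create the plan first, then attach the selection to the returned plan id."""
    plan_id = backup.create_backup_plan(BackupPlan=plan)["BackupPlanId"]
    resp = backup.create_backup_selection(BackupPlanId=plan_id,
                                          BackupSelection=selection)
    return plan_id, resp["SelectionId"]


def completed_ec2_recovery_points(backup, vault="Default"):
    """ARNs of finished EC2 backups in the vault, following pagination."""
    arns, kwargs = [], {"BackupVaultName": vault, "ByResourceType": "EC2"}
    while True:
        page = backup.list_recovery_points_by_backup_vault(**kwargs)
        arns += [rp["RecoveryPointArn"] for rp in page.get("RecoveryPoints", [])
                 if rp.get("Status") == "COMPLETED"]
        if not page.get("NextToken"):
            return arns
        kwargs["NextToken"] = page["NextToken"]


# Constructed sample values: names, tag, schedule and role ARN are assumptions.
PLAN = backup_plan("ec2-daily-plan", "daily-rule", "cron(0 5 ? * * *)")
SELECTION = tag_selection(
    "ec2-by-tag", "arn:aws:iam::111122223333:role/EXAMPLE-backup-role",
    "Backup", "true")
```

An empty result from `completed_ec2_recovery_points` after the first scheduled run is the signal to check the tag on the instance and the permissions of the assigned role.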
Conclusion
EC2 instance backups are an important part of disaster recovery. AWS provides different services to take manual backups and to schedule automated backups of EC2 instances. This tutorial explains different ways to take backups of EC2 instances. AWS Data Lifecycle Manager is an EC2-native service used to schedule EC2 backups with multiple schedules. It can be used to schedule daily, weekly, monthly, yearly, or even customized cron job backups of the EC2 instances. AWS Backup is another service used for the same purpose and can schedule backups of not only EC2 instances but also other services like EFS, FSx, etc. This blog describes a step-by-step process to take backups of an EC2 instance in different ways on AWS.