How to Automate AWS Backups Effectively

by Marcelo Tabilo

August 20, 2024

How to Automate AWS Backups Effectively
#AWS#automation#backup
Share on LinkedIn

Keeping regular backups in the cloud is essential — but doing it manually is not scalable.

In this post, we’ll cover:

  1. How to use AWS Backup to automate backups across services.
  2. When to use lifecycle rules with S3 and EBS.
  3. How to trigger backups with Lambda on schedule.
  4. Security and compliance tips to consider.

Automating Backups with AWS Backup

AWS Backup Console

AWS Backup provides a centralized backup service that makes it easier to back up your application data across AWS services in the cloud as well as on-premises. You can define backup policies, manage backup schedules, and monitor activity all from one place.

This service supports both manual and automated backups, allowing you to create backup plans that specify when and how backups are taken, how long they are retained, and where they are stored.

Example Backup Plan Configuration

{
  "BackupPlanName": "DailyBackupPlan",
  "Rules": [
    {
      "RuleName": "DailyBackups",
      "TargetBackupVaultName": "Default",
      "ScheduleExpression": "cron(0 12 * * ? *)",
      "StartWindowMinutes": 60,
      "CompletionWindowMinutes": 180,
      "Lifecycle": {
        "MoveToColdStorageAfterDays": 30,
        "DeleteAfterDays": 365
      }
    }
  ]
}

This JSON defines a backup plan that runs daily at 12 PM UTC, moves backups to cold storage after 30 days, and deletes them after a year.

Supported Services

Some of the services supported by AWS Backup include:

  • Amazon EFS
  • Amazon RDS
  • Amazon DynamoDB
  • Amazon EC2
  • AWS Storage Gateway

These integrations allow you to have a unified backup strategy across your cloud infrastructure.

Benefits

  • Centralized management: A single dashboard to manage backups.
  • Compliance and auditing: Easily meet compliance requirements using built-in reports.
  • Lifecycle policies: Move backups from warm to cold storage automatically.

Lifecycle Policies for S3 and EBS

You can use lifecycle policies to automatically transition data between storage classes or delete it after a period of time. This helps reduce costs and simplifies management.

S3 Lifecycle Rules

  • Transition objects to Standard-IA after 30 days.
  • Archive to Glacier after 60 days.
  • Delete after 365 days if not accessed.

Sample S3 Lifecycle Policy (JSON)

{
  "Rules": [
    {
      "ID": "TransitionToIA",
      "Filter": {
        "Prefix": ""
      },
      "Status": "Enabled",
      "Transitions": [
        {
          "Days": 30,
          "StorageClass": "STANDARD_IA"
        },
        {
          "Days": 60,
          "StorageClass": "GLACIER"
        }
      ],
      "Expiration": {
        "Days": 365
      }
    }
  ]
}

This policy transitions objects to Infrequent Access after 30 days, Glacier after 60 days, and deletes them after a year.

EBS Snapshot Lifecycle

Use Data Lifecycle Manager (DLM) to automate creation, retention, and deletion of EBS snapshots based on defined policies.

EBS Snapshot Lifecycle

Example DLM Policy

{
  "Description": "Daily EBS Snapshot",
  "State": "ENABLED",
  "PolicyDetails": {
    "ResourceTypes": ["VOLUME"],
    "Schedules": [
      {
        "Name": "DailySnapshots",
        "CreateRule": {
          "Interval": 24,
          "IntervalUnit": "HOURS",
          "Times": ["00:00"]
        },
        "RetainRule": {
          "Count": 7
        }
      }
    ]
  }
}

This policy creates daily snapshots and retains them for 7 days.

Triggering Backups with Lambda

Lambda triggering AWS Backup

You can write Lambda functions that trigger backup jobs based on events or schedules.

Example use cases:

  • Trigger backup when a new file is uploaded.
  • Schedule backups to run daily or weekly.
  • Integrate with CloudWatch Events for flexible orchestration.

Sample Lambda Function (Node.js)

const AWS = require('aws-sdk');
const backup = new AWS.Backup();

exports.handler = async () => {
  const params = {
    BackupVaultName: "MyVault",
    ResourceArn: "arn:aws:ec2:region:account:volume/volume-id",
    IamRoleArn: "arn:aws:iam::account:role/service-role/AWSBackupDefaultServiceRole"
  };
  try {
    const data = await backup.startBackupJob(params).promise();
    console.log("Backup job started:", data);
    return data;
  } catch (err) {
    console.error("Error starting backup job:", err);
    throw err;
  }
};

This Lambda function initiates a backup job for a specified EBS volume.

Best Practices

  • Encrypt backups using AWS KMS.
  • Enable notifications for backup failures.
  • Test restore procedures regularly.
  • Use tagging for better organization and filtering.

Real-world Use Case

A fintech startup needed daily encrypted backups of their critical databases and EBS volumes to meet compliance requirements. They implemented AWS Backup with lifecycle policies to transition backups to cold storage after 30 days and delete after a year, reducing costs significantly.

Backup strategy diagram

Their Lambda functions triggered backups on-demand during business hours and integrated notifications for any failures, ensuring data integrity and availability.

Need help automating your backups? Contact us and we’ll help you get started right.

Marcelo Tabilo
Marcelo Tabilo
Cloud Consultant @ HiveBrain

¿Necesitas ayuda con tu infraestructura en la nube?

Contáctanos hoy