Automating AWS Backup & Restore with EC2, Lambda, and SNS

Kevin Czarzasty
May 1, 2021

My objectives here were to automate the backup, ensuring data is frequently backed up, the backups are confirmed through testing, and in the case of failures appropriate notification processes are in place. I mapped Image 1 to visualize the plan.

Image 1

Deploy Infrastructure:

  • First the infrastructure needed to be deployed. I created a stack in CloudFormation & acknowledged that AWS may create IAM resources (Image 2 & 3). Note that you need to select an AZ & Notification Email, which are not populated in the below images.
Image 2
Image 3
  • It can take a few minutes for the stack to deploy. Image 4 shows the stack in progress. Image 5 shows the stack complete.
Image 4
Image 5
  • I then needed to go to Outputs, and note the KEY & VALUE (Image 6). This will be used later in the exercise.
Image 6
  • Before moving on to creating the actual Backup Plan, it is good to ensure the URL works. I clicked the hyperlink, and it was successful as it brought me to the functioning page seen in Image 7.
Image 7

Create Backup Plan:

  • I then went to AWS Backup, then to “Create Backup Plan,” then to “Build a New Plan” which I named BackupPlan2. (Image 8)
Image 8
  • I then configured rules for the Backup Plan. To address lifecycle policies, the backup will happen daily & will never transition to cold storage, as seen in Image 9. Although not evident in Image 9, I also created a Backup Vault, and changed the field from “Default” to what I named “BackupVault2”.
Image 9
  • I then executed the creation of them, which was a success (Image 10).
Image 10

Enable Notifications:

  • I went to the Command Line Interface (CLI), which brings you to AWS CloudShell, a web browser-based shell (Image 11 & 12).
Image 11
Image 12
  • The below is the command format to enable notifications with messages published to the SNS topic every time a backup or restore job is completed:

aws backup put-backup-vault-notifications --region us-east-1 --backup-vault-name BACKUP-LAB-VAULT --backup-vault-events BACKUP_JOB_COMPLETED RESTORE_JOB_COMPLETED --sns-topic-arn <YOUR SNS TOPIC ARN>

  • I needed to edit this template command to hold information specific to my environment. Note the Backup Vault name is case sensitive, and the ARN for the SNS Topic is found in the outputs of the environment created in CloudFormation. Once I edited the command to hold my unique information, I entered the command into the CLI.
  • Note that below is the email that you will receive to confirm the subscription to this notification (Image 13).
Image 13
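
A check that can follow this step, as an added example that is not part of the original post or the lab's code: it compares the JSON printed by `aws backup get-backup-vault-notifications` with the intended vault, topic and events, and checks that the SNS topic policy lets the AWS Backup service (backup.amazonaws.com) publish, which AWS requires for vault notifications to be delivered. The function names are hypothetical, and the account ID, topic name and sample JSON are constructed placeholders.

```python
import json

REQUIRED_EVENTS = {"BACKUP_JOB_COMPLETED", "RESTORE_JOB_COMPLETED"}

def _as_list(value):
    # IAM-style policies allow a single value or a list in most fields.
    return value if isinstance(value, list) else [value]

def check_vault_notifications(cfg, vault_name, topic_arn, required=REQUIRED_EVENTS):
    """Findings for the parsed output of `aws backup get-backup-vault-notifications`."""
    findings = []
    if cfg.get("BackupVaultName") != vault_name:  # vault names are case sensitive
        findings.append(f"vault name mismatch: {cfg.get('BackupVaultName')!r}")
    if cfg.get("SNSTopicArn") != topic_arn:
        findings.append(f"unexpected SNS topic: {cfg.get('SNSTopicArn')!r}")
    missing = set(required) - set(cfg.get("BackupVaultEvents", []))
    if missing:
        findings.append("events not subscribed: " + ", ".join(sorted(missing)))
    return findings

def topic_allows_backup_publish(policy):
    """True if a statement explicitly allows backup.amazonaws.com to sns:Publish."""
    for stmt in _as_list(policy.get("Statement", [])):
        principal = stmt.get("Principal")
        if stmt.get("Effect") != "Allow" or not isinstance(principal, dict):
            continue  # Deny and wildcard-principal statements are not an explicit grant
        services = _as_list(principal.get("Service", []))
        actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
        if "backup.amazonaws.com" in services and actions & {"sns:publish", "sns:*"}:
            return True
    return False

# Constructed sample data (account ID, topic name and values are placeholders).
SAMPLE_TOPIC = "arn:aws:sns:us-east-1:111122223333:example-backup-topic"
SAMPLE_CFG = json.loads("""{
  "BackupVaultName": "BackupVault2",
  "BackupVaultArn": "arn:aws:backup:us-east-1:111122223333:backup-vault:BackupVault2",
  "SNSTopicArn": "arn:aws:sns:us-east-1:111122223333:example-backup-topic",
  "BackupVaultEvents": ["BACKUP_JOB_COMPLETED"]
}""")
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": {"Service": "backup.amazonaws.com"},
    "Action": "SNS:Publish", "Resource": SAMPLE_TOPIC}]}

if __name__ == "__main__":
    print(check_vault_notifications(SAMPLE_CFG, "BackupVault2", SAMPLE_TOPIC))
    print(topic_allows_backup_publish(SAMPLE_POLICY))
```

In the constructed sample the vault is subscribed only to backup events, so the check reports the missing restore event; an empty list means the configuration matches what was intended.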

Test Restore:

  • To test the restore, I created an on-demand backup rather than waiting for the automated daily backup to occur. SNS successfully produced a notification to my respective email address, which in a practical setting would go to an operations team, for example, to make them aware of the backup. I then had the option to restore through AWS Lambda by going to AWS Backup > Jobs > Restore Jobs.

From here, the exercise was complete, and I proceeded to tear down what was built.

Credit: This exercise was inspired & guided by a lab at wellarchitectedlabs.com
