AWS EBS Snapshots Automation (Disaster Recovery) from Windows PowerShell

ebs

It is always a good idea to reduce hardware dependencies by moving your data to the cloud. Cloud is much more flexible than traditional hardware infrastructure including VMWare. But you still have to consider the ability of recovering data as and when required. This always helps you to keep your business running with minimal interruption. In AWS, there are several possibilities for implementing an effective backup strategy. EBS snapshots are so simple & cost effective. You can take snapshot easily from AWS Web console, but there is no option to configure scheduled backup to automate.

Being as a Windows Administrator, Initially I used AWS Tools for Windows PowerShell (AWS SDK for .NET) to manage snapshot using PowerShell cmdlets. There are some script available to automate the snapshot process, but most of them are available for Linux environment or way too complex for me to understand. Then I decided to write one script for myself, which should fulfil following requirement.

  • Take snapshot for all volumes.
  • Can be scheduled as per defined backup strategy.
  • All snapshots must follow proper naming convention with time stamp in its description.
  • Keep the logs after finishing backup.
  • Remove old snapshots as per defined retention period.
  • Trigger one email after every successful execution of the script for taking & removing snapshot.

Finally I managed to write two separate script, one for taking snapshots and another for removing old snapshots. Also able to rotate this script to take backup as Daily, Weekly by duplicating the script and creating multiple scheduled tasks.

NOTE : I am not a pro on PowerShell, but I tried my best to write this script, and it works without any issue. As always, you can use this script at your own risk.

Requirments:

In future, I will improve it further. Now this solution has the following requirements:

  • EC2 instance running Windows 2008 / R2, or Windows 2012.
  • PowerShell 3+
  • AWS SDK for .NET
  • IAM account to authenticate.
  • Little knowledge on PowerShell.

Following policy should applied to this IAM account:

  • ec2:CreateSnapshot
  • ec2:CreateTags
  • ec2:DeleteSnapshot
  • ec2:DeleteTags
  • ec2:DescribeSnapshots
  • ec2:DescribeTags
  • ec2:DescribeVolumeAttribute
  • ec2:DescribeVolumeStatus
  • ec2:DescribeVolumes

How to configure the script:

First download SnapShot.zip and extract it.

  SnapShot_Update_05.rar (6.4 KiB, 360 hits)

Update:

  • Added option to select only root volumes for snapshot.
  • Now script will tag the snapshots with Instance Name & Volume Device.
  • Free volumes will be tagged as well.
  • Changed the configuration.
  • Added functions to update TAGs.
  • Added function to retry on failure.
  • Now you can extract script anywhere you like.
  • PowerShell version checking.

Configurable settings (SnapShotConfigAWSConfig.ps1)

First you have to update AWSConfig.ps1 with your Access Key, Secret Key and your Region. Do not change the file location, as this file will be used by the snapshot creation & removal script.

AConfig

Configurable settings (SnapShotAutoSnapCreation.ps1)

Setting for max retry count for validating successful connection between AWS and EC2 Instance.

AWSRetry RetryCount TimeOut

Eg. AWSRetry 30 30

Once connected successfully, it will start taking backups.

You can also configure volume type to take backup. Available options are single volume, free volumes, active volumes & root volumes.

[ad#flipkart]

VolOption

Here you have to specify the log file location and snapshot backup type. By duplicating the script on separate folder you can take DAILY / WEEKLY / MONTHLY backup etc.

Here you have to specify the email server, sender & recipient details.

Configurable settings (SnapShotDailyAutoSnapRemoval.ps1)

Here you have to set the retention period for old snapshot backup and the type of backups.

Once you finish with the script configuration, you have to create task scheduler for taking backup. To do it easily, I have already created two scheduler, you just have to import them and modify the execution time, path (if your %SystemDrive% is other than C:) & Authentication.

Once done, it will be ready for production use.


Thanks for reading 🙂

Disclaimer: All posts and opinions on this site are provided AS IS with no warranties. These are our own personal opinions and do not represent our employer’s view in any way.

This article currently have 18,938 views

Saugata
Follow me

CC BY-ND 4.0 This work is licensed under a Creative Commons Attribution-NoDerivatives 4.0 International License.

15 comments

  1. This is a much appreciated script. I added the following for volumes attached only to the EC2 instance invoking which can be easily modified to be a specified instance. This is useful as I don’t need to snapshot all my instances.

    #For volumes attached to this instance
    $Instance = (Invoke-WebRequest -Uri instance-data/latest/meta-data/instance-id).Content
    $VolAttached = (Get-EC2Volume).Attachment | ? {$_.InstanceId -eq $Instance}
    $Volids = $VolAttached.VolumeId

  2. I’m running your script. It says it connected to the AWS account successfully. I uncommented the line so that it will snapshot all the volumes in the region. However, it ends saying there are no volumes or snapshots available. Any ideas?

    1. Are you sure you are executing this script on PowerShell v3.0 +. I have added the version PowerShell version checking to avoid any confusion.

        1. Nope, it will only work with PowerShell 3.0+.
          I also recommend you to upgrade the PowerShell.

          Note : This script will work on PowerShell 2.0, but for that you have made lots of changes in the script. things are little easy with PowerShell 3.0+

  3. Hi, I’m only looking to remove snapshots. I amend the script for 31 days but it comes back telling me no old snapshots found. What am I missing? Is the DAILY $SnapType a tag I need to amend. I simply want to remove all snapshots older than 31 days.

    1. Hi Malcolm,
      This script will not detect any snapshot not created by itself. If you wan’t a generic old snapshot cleanup script, please do let me know, I will create one for you.

      Regards,
      Saugata D

      1. Hi Saugata,
        Is there any way you can create a snapshot cleanup script that’ll look for the amount of snapshots available and then delete any that are older e.g.
        I’m taking daily snapshots, but I want to retain two days worth of snapshots – so the script will go OK I can see there are snapshots for todays date and yesterdays, so it will clear all others?

        1. Yes,
          We can do that, all you have to do is to create a filter for your snapshots to identify old snapshots and delete them.
          If you want i will create one for you.

          Regards,
          Saugata D

  4. Awesome script! Thanks.

    For those that just want to snapshot volumes with a certain tag:

    $TaggedVol = Get-EC2volume -filter @{ Name=”tag-value”; Values=”” }
    $Volids = $TaggedVol.VolumeId

    1. Argh, comments get the less-than / greater-than symbol stripped out.

      $TaggedVol = Get-EC2volume -filter @{ Name=”tag-value”; Values=”YOUR TAG HERE” }
      $Volids = $TaggedVol.VolumeId

  5. Hello,
    i Run the script for a single volume but i have this error:

    Take EC2 SnapShot : System.InvalidOperationException: Value (Amazon.EC2.Model.Volume) for parameter volumeId is invalid. Expected: ‘vol-…’. —> Amazon.EC2.AmazonEC2Exception: Valu
    e (Amazon.EC2.Model.Volume) for parameter volumeId is invalid. Expected: ‘vol-…’. —> Amazon.Runtime.Internal.HttpErrorResponseException: The remote server returned an error: (400
    ) Bad Request. —> System.Net.WebException: The remote server returned an error: (400) Bad Request.

Leave a Reply to Saugata Cancel reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.