Recently, we were asked by a client to setup regular EBS volume snapshots for their production EC2 instances. After a little research, Mike came across a fairly simple tool called aws-snapshot-tool: https://github.com/evannuil/aws-snapshot-tool. This tool runs as a cron job and automatically creates daily, weekly, and monthly snapshots, and automatically rotates out the oldest snapshots for each time period.
The tool, written in Python, takes advantage of an excellent module called boto (https://github.com/boto/boto, http://docs.pythonboto.org/en/latest/). Boto is a Python package that provides an interface to Amazon Web Services (AWS) allowing you to easily maintain and manage various aspects of your AWS environment with very little coding.
Install Notes
The aws-snapshot-tool github page has simple instructions to get started, but here are a couple points of interest:
install and setup boto
- pip install boto
- Setup a .boto config file to store your AWS access key (See: https://code.google.com/p/boto/wiki/BotoConfig)
Setup your Identity and Access Management (IAM) access
When you access AWS through their API, you are utilizing the web service functions to which your account has been given access. The aws-snapshot-tool includes a sample IAM configuration, that shows which actions need to be setup:
"Action": [
"ec2:CreateSnapshot",
"ec2:CreateTags",
"ec2:DeleteSnapshot",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeSnapshots",
"ec2:DescribeTags",
"ec2:DescribeVolumeAttribute",
"ec2:DescribeVolumeStatus",
"ec2:DescribeVolumes"
],
Configuration (including rotation)
Configuration is very easy. The script uses a config.py file that looks like:
config = {
'ec2_region_name': 'us-east-1',
'ec2_region_endpoint': 'ec2.us-east-1.amazonaws.com',
'tag_name': 'tag:MakeSnapshot',
'tag_value': 'True',
'keep_day': 5,
'keep_week': 5,
'keep_month': 11,
'log_file': '/tmp/makesnapshots.log',
}
There are three important pieces being defined here:
- The region where your EBS volumes are defined
- The tag name put on each volume in order to enable snapshots
- The definition for how long to keep snapshots: 5 days, 5 weeks, and 13 months
Tag Your Volumes
Well, it couldn't be any easier. Simply add a Tag of 'MakeSnapshot', with a value of 'True', (as defined in the above config file) to any volume you want picked up by this script. The script loops through all volumes in the entire defined ec2_region_name field, looks for that tag, and handles the snapshot and rotation of snapshots automatically.
Cron Setup & Output
We chose to run our script on another EC2 instance, but this could run anywhere. We setup the following cron jobs to run:
$ crontab -l
# mon-fri 30 3 * * 1-5 /home/zope/aws-snapshot-tool/makesnapshots.py day
# every sat 30 3 * * 6 /home/zope/aws-snapshot-tool/makesnapshots.py week
# first sun 30 3 1-7 * 0 /home/zope/aws-snapshot-tool/makesnapshots.py month
Each snapshot is created with a description that begins like 'day_snapshot...', 'week_snapshot...', or 'month_snapshot...', like in the following screenshots:
Gotchas?
At the moment, I can only think of 3:
- The config.py script points to a region. If we decide to start using other regions for our servers, we will need to accomodate that.
- The cost of storage. Is cheap. However, once this has run for a year, we will have 23 snapshots per volume saved in our account.
- These are real time snapshots. It is each server administrator's responsibility to insure the volume being backed up is in the proper state.