Automating EBS snapshots with Amazon EventBridge and Amazon SNS
Amazon EventBridge is a serverless event bus service provided by Amazon Web Services (AWS). It simplifies the development of event-driven applications by allowing users to connect different applications through events. It builds on the capabilities of CloudWatch Events but extends them with additional features and integrations.
Amazon EBS Snapshots are point-in-time copies of your EBS volumes. They are stored on S3 and can be accessed through the Elastic Compute Cloud (EC2) APIs or the AWS Console. EBS volumes are specific to an Availability Zone (AZ), whereas snapshots are Region-specific. The snapshot size must be the same as or larger than the size of the original volume from which the snapshot is taken. As per Amazon, each AWS account can have up to 5,000 EBS volumes and up to 10,000 EBS snapshots. A newly created snapshot shows a 'pending' status, which changes to 'completed' once the snapshot creation is successful.
Amazon Simple Notification Service (Amazon SNS) is a fully managed messaging service provided by Amazon Web Services (AWS) that lets you build distributed systems and microservices by sending messages or notifications to a large number of subscribers or endpoints. It is highly scalable and reliable, and it lets you decouple the components of your applications for improved scalability, reliability, and flexibility.
Let’s start by launching an EC2 instance with the following specifications:
Name: boonServer
Amazon Linux 2
t2.micro
Proceed with a key pair (we will not be SSHing in)
Auto-assign public IP: Enable
Create a new security group that allows SSH from Anywhere (since this walkthrough never SSHes in, you can restrict the source to your own IP instead)
Next, copy and save the Instance ID as we are going to need it later on.
Go to IAM and create a policy named Snapshot_Policy via the JSON tab with the following:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "ec2:CreateSnapshot",
                "ec2:DescribeVolumes"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": "sns:Publish",
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "logs:CreateLogGroup",
                "logs:CreateLogStream",
                "logs:PutLogEvents"
            ],
            "Resource": "*"
        }
    ]
}
We need to create a role now. Go to Roles, then click Create role. For Trusted entity type select AWS service, and for Use case select Lambda.
Click Next. In the Add permissions screen, search for the policy we just created. Select it and click Next. On the next screen, type boon-function as the name, then click Create role.
Now navigate to Lambda and start creating a function. Name the function SnapshotEBS with a Runtime of Python 3.9. For Execution role select Use an existing role. In the Existing role box, select the boon-function role we just created. Click Create function.
Paste the following into the Lambda function code block then click the Deploy button:
import json
import boto3
from botocore.exceptions import ClientError

def lambda_handler(event, context):
    try:
        # EC2 client in the region where boonServer runs
        client = boto3.client('ec2', region_name='eu-west-2')
        # List the EBS volumes in the region and the instance each one is attached to
        response = client.describe_volumes()
        for volume in response['Volumes']:
            # An unattached volume has an empty Attachments list, so do not index it blindly
            attachments = volume.get('Attachments', [])
            instance_id = attachments[0]['InstanceId'] if attachments else 'unattached'
            print("EBS Volume ID : ", volume['VolumeId'], " of EC2 Instance : ", instance_id)
            try:
                # Create a snapshot of the volume
                snapshot = client.create_snapshot(VolumeId=volume['VolumeId'])
                print("Snapshot Created with ID : ", snapshot['SnapshotId'])
            except Exception as e:
                # Keep going with the remaining volumes if one snapshot request fails
                print("some error :", e)
        return {
            'statusCode': 200,
            'body': json.dumps("success")
        }
    except ClientError as e:
        print("Detailed error: ", e)
        return {
            'statusCode': 500,
            'body': json.dumps("error")
        }
    except Exception as e:
        print("Detailed error: ", e)
        return {
            'statusCode': 500,
            'body': json.dumps("error")
        }
Copy the Lambda function ARN and save it for later.
Now go to the SNS console, click Topics, then Create topic.
For Type select Standard and name it boon-Topic.
Scroll down and expand the Delivery status logging section. In there, select AWS Lambda, then Create new service role, then click Create new roles. This redirects you to another tab for IAM. In that tab, leave everything at its default and click Create role.
You can click on Create topic now.
You should now be on the screen below. On this screen we will be creating 2 subscriptions. Let’s create the first one.
Click on Create subscription. For Topic ARN choose the topic we created. For Protocol select AWS Lambda and paste in the Lambda function ARN into the Endpoint box. Click on Create subscription.
Let’s create the second subscription. We will choose the same topic ARN. This time for Protocol, choose email and enter your email address in the Endpoint box. After you create this second subscription, you should receive an email asking if you would like to subscribe. Please confirm the subscription.
The last step is creating a rule within Amazon EventBridge. On the EventBridge screen, select EventBridge Rule, then click Create rule.
On the next screen, name the rule boon-rules, select Rule with an event pattern, then click Next.
On the next screen, choose AWS events or EventBridge partner events, then scroll down to Event pattern.
In the Event pattern section, select AWS services, EC2, and EC2 Instance State-change Notification. In the area below, click Specific state(s) and select stopped and pending. For Specific instance Id(s), paste in the instance ID from earlier, then click Next.
On the following screen, select SNS topic as the target and choose the topic we created. Keep clicking Next and then Create rule.
We can test our Lambda function and EventBridge rule by going over to the EC2 console and stopping the instance.
If everything was done correctly, 2 things should happen. The first is that we should receive an email stating that the EC2 has been stopped.
Secondly, a snapshot of the instance should be in progress or completed.
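As an added example (not code from the original post), the following shows what the pieces above look like in code: the event pattern that the boon-rules console selections produce, how the Lambda can unwrap the SNS-delivered EventBridge message to learn which instance changed state, and a variant of the snapshot step that snapshots only that instance's volumes instead of every volume in the region. The instance ID in SAMPLE_SNS_EVENT is a constructed placeholder, and the ec2 client is passed in so the helpers can be exercised without AWS credentials.

```python
import json

# Constructed sample of what the Lambda receives: EventBridge sends the
# state-change event to boon-Topic, and SNS wraps it in a Records list.
SAMPLE_SNS_EVENT = {"Records": [{"Sns": {"Message": json.dumps({
    "source": "aws.ec2",
    "detail-type": "EC2 Instance State-change Notification",
    "region": "eu-west-2",
    "detail": {"instance-id": "i-0123456789abcdef0", "state": "stopped"},
})}}]}

def build_event_pattern(instance_id, states=("stopped", "pending")):
    """Event pattern equivalent to the boon-rules console selections."""
    return {
        "source": ["aws.ec2"],
        "detail-type": ["EC2 Instance State-change Notification"],
        "detail": {"state": list(states), "instance-id": [instance_id]},
    }

def parse_state_change(event):
    """Unwrap SNS records into (instance_id, state) pairs for EC2 state changes."""
    found = []
    for record in event.get("Records", []):
        msg = json.loads(record["Sns"]["Message"])
        detail = msg.get("detail", {})
        if msg.get("source") == "aws.ec2" and "instance-id" in detail:
            found.append((detail["instance-id"], detail["state"]))
    return found

def snapshot_instance_volumes(ec2, instance_id, state):
    """Snapshot only the volumes attached to instance_id (not every volume in
    the region). ec2 is a boto3 EC2 client, or a test double with the same calls."""
    resp = ec2.describe_volumes(
        Filters=[{"Name": "attachment.instance-id", "Values": [instance_id]}])
    created = []
    for vol in resp["Volumes"]:
        snap = ec2.create_snapshot(
            VolumeId=vol["VolumeId"],
            Description=f"auto: {instance_id} entered state {state}")
        created.append(snap["SnapshotId"])
    return created

def lambda_handler(event, context):
    import boto3  # imported here so the helpers above run without boto3 installed
    ec2 = boto3.client("ec2", region_name="eu-west-2")
    created = []
    for instance_id, state in parse_state_change(event):
        created += snapshot_instance_volumes(ec2, instance_id, state)
    return {"statusCode": 200, "body": json.dumps({"snapshots": created})}
```

Because the handler only acts on EC2 state-change messages, anything else published to boon-Topic is ignored rather than triggering snapshots.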
Thank you for reading!