How to Create AWS Lambda Snapshots and Automate EC2 Backups
In today’s cloud infrastructure, automating tasks like creating snapshots for Amazon EC2 volumes is essential for efficient backup and disaster recovery. AWS Lambda provides a serverless environment to execute such tasks automatically. With Lambda, you can back up EC2 volumes across multiple AWS regions, ensuring that your data remains safe and accessible.
This guide will walk you through setting up AWS Lambda to create snapshots for all in-use EC2 volumes. We’ll also cover the creation of IAM roles to grant Lambda the necessary permissions and provide a code example that can automate this process.

Step 1: Create an IAM Role for Lambda Function
Before you can use Lambda to create snapshots, you must create an IAM (Identity and Access Management) role with the required permissions. This role will allow Lambda to interact with AWS EC2 resources securely.
To create the IAM role:
- Go to IAM > Roles > Create Role in the AWS Management Console.
- Name the role “ebs-snapshots-role”.
- Under Role Type, choose AWS Lambda. This grants the Lambda service permissions to assume the role.
- Click Next, but do not select any managed policies for now.
- After the role is created, navigate to the Roles page and select your new role.
- Under the Permissions tab, create a custom inline policy by pasting the following JSON:
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "logs:*"
      ],
      "Resource": "arn:aws:logs:*:*:*"
    },
    {
      "Effect": "Allow",
      "Action": "ec2:Describe*",
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "ec2:CreateSnapshot",
        "ec2:DeleteSnapshot",
        "ec2:CreateTags",
        "ec2:ModifySnapshotAttribute",
        "ec2:ResetSnapshotAttribute"
      ],
      "Resource": "*"
    }
  ]
}
```
This policy gives Lambda the permissions it needs to create and manage snapshots of EC2 volumes and to write logs.
Step 2: Write the Lambda Function to Create Snapshots
Now that you’ve set up the IAM role, you can move on to creating the Lambda function. This function will iterate over all AWS regions, check for in-use EC2 volumes, and create snapshots automatically.
To create the Lambda function:
- Go to AWS Lambda > Functions > Create Function.
- Choose Author from Scratch and give it a name, such as “CreateEC2Snapshots”.
- Paste the following code into the function’s code editor:
```python
import boto3


def lambda_handler(event, context):
    # Get the list of regions enabled for this account
    regions = boto3.client('ec2').describe_regions().get('Regions', [])

    # Iterate over regions
    for region in regions:
        reg = region['RegionName']
        print(f"Checking region {reg}")

        # Connect to the region
        ec2 = boto3.client('ec2', region_name=reg)
        ec2resource = boto3.resource('ec2', region_name=reg)

        # Get all in-use volumes in this region (paginated so that
        # accounts with many volumes are fully covered)
        paginator = ec2.get_paginator('describe_volumes')
        pages = paginator.paginate(Filters=[{'Name': 'status', 'Values': ['in-use']}])
        for page in pages:
            for volume in page['Volumes']:
                print(f"Backing up {volume['VolumeId']} in {volume['AvailabilityZone']}")

                # Create snapshot
                snap = ec2.create_snapshot(
                    VolumeId=volume['VolumeId'],
                    Description='Created by Lambda backup function ebs-snapshots',
                )

                # Get snapshot resource
                snapshot = ec2resource.Snapshot(snap['SnapshotId'])

                # Add the volume name to the snapshot for easier identification
                volumename = 'N/A'
                for tag in volume.get('Tags', []):
                    if tag['Key'] == 'Name':
                        volumename = tag['Value']
                snapshot.create_tags(Tags=[{'Key': 'Name', 'Value': volumename}])
```
This Lambda function does the following:
- Iterates through all AWS regions
- Identifies in-use EC2 volumes
- Creates snapshots for each volume
- Tags the snapshot with the volume’s name for easier identification
Step 3: Set Permissions and Timeout
Once the code is in place, ensure you assign the IAM role you created earlier to this Lambda function. The default timeout for Lambda functions is typically 3 seconds, which is insufficient for tasks like creating snapshots. Increase the timeout to 1 minute under the Advanced Settings in the Lambda console to give the function enough time to process the snapshots for each volume.
Step 4: Test and Deploy the Lambda Function
Now that you’ve configured the Lambda function, click Create Function to deploy it. You can now test your function to ensure it’s working correctly. When executed, the function will automatically create snapshots for all in-use volumes across all AWS regions.
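A handler that times out or hits an API error part-way through leaves the remaining volumes without a snapshot, so a test run should be checked for coverage. The following added example (not code from the original guide) classifies each in-use volume by its most recent snapshot from the backup function; `coverage_report`, the 24-hour window and the sample data are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Description string written by the Step 2 handler.
BACKUP_DESCRIPTION = "Created by Lambda backup function ebs-snapshots"


def coverage_report(volumes, snapshots, now, max_age=timedelta(hours=24)):
    """Group in-use volumes by the best recent backup snapshot they have.

    `volumes` and `snapshots` are the 'Volumes' and 'Snapshots' lists in the
    shape returned by describe_volumes and describe_snapshots for one region.
    """
    rank = {"completed": 2, "pending": 1}   # 'error' and other states do not count
    best = {}
    for snap in snapshots:
        state = snap.get("State")
        if snap.get("Description") != BACKUP_DESCRIPTION or state not in rank:
            continue
        if now - snap["StartTime"] > max_age:
            continue                         # too old to count as a current backup
        vid = snap["VolumeId"]
        if rank[state] > rank.get(best.get(vid), 0):
            best[vid] = state
    report = {"completed": [], "pending": [], "missing": []}
    for vol in volumes:
        if vol.get("State") == "in-use":
            report[best.get(vol["VolumeId"], "missing")].append(vol["VolumeId"])
    return {key: sorted(ids) for key, ids in report.items()}


# Constructed sample data (not real resource IDs).
NOW = datetime(2024, 1, 2, 12, 0, tzinfo=timezone.utc)
SAMPLE_VOLUMES = [
    {"VolumeId": "vol-0aaa", "State": "in-use"},
    {"VolumeId": "vol-0bbb", "State": "in-use"},
    {"VolumeId": "vol-0ccc", "State": "in-use"},
    {"VolumeId": "vol-0ddd", "State": "available"},
]
SAMPLE_SNAPSHOTS = [
    {"VolumeId": "vol-0aaa", "State": "completed",
     "StartTime": NOW - timedelta(hours=1), "Description": BACKUP_DESCRIPTION},
    {"VolumeId": "vol-0bbb", "State": "error",
     "StartTime": NOW - timedelta(hours=1), "Description": BACKUP_DESCRIPTION},
    {"VolumeId": "vol-0bbb", "State": "completed",
     "StartTime": NOW - timedelta(days=3), "Description": BACKUP_DESCRIPTION},
    {"VolumeId": "vol-0ccc", "State": "pending",
     "StartTime": NOW - timedelta(minutes=5), "Description": BACKUP_DESCRIPTION},
]

if __name__ == "__main__":
    print(coverage_report(SAMPLE_VOLUMES, SAMPLE_SNAPSHOTS, NOW))
```

In a real check the two lists would come from `describe_volumes` and `describe_snapshots(OwnerIds=['self'])` in each region.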
Why Use AWS Lambda for EC2 Snapshots?
Using AWS Lambda for automating EC2 backups is an efficient and scalable solution. Lambda ensures that you only pay for the compute time that you use, and there is no need to provision and manage servers. Additionally, automating the snapshot process minimizes the risk of human error and ensures that backups are always up-to-date.
At the same time, organizations can benefit from solutions like ZippyOPS, which offers consulting, implementation, and managed services to help streamline cloud operations. Whether you need assistance with DevOps, DevSecOps, or automated operations (AIOps), ZippyOPS can help you optimize your cloud infrastructure. ZippyOPS also provides expert support for Cloud, DataOps, Microservices, Infrastructure, and Security.
If you need help with automating your cloud workflows or managing your AWS environment, ZippyOPS offers tailored services to meet your needs. Learn more about their offerings by visiting ZippyOPS Services, or explore their solutions for more insights. Check out their products to see how ZippyOPS can enhance your cloud strategy.
Conclusion: AWS Lambda Snapshots and Automated EC2 Backups
Automating EC2 backups using AWS Lambda is a simple yet powerful way to ensure that your infrastructure is protected. By setting up the appropriate IAM roles and Lambda functions, you can automate the creation of snapshots across multiple regions. This approach not only saves time but also enhances the reliability and scalability of your backup strategy.
For any assistance in optimizing your cloud operations or implementing automated solutions, ZippyOPS is here to help. Reach out to their team at sales@zippyops.com for more information.



