How can I get notifications for AWS Backup jobs that failed?

Last updated: 2019-10-24

I want to be notified if my AWS Backup job fails. How can I set up email notifications for an unsuccessful backup job?

Short Description

Use Amazon Simple Notification Service (Amazon SNS) to send email notifications about failed backup jobs. Follow these steps to configure Amazon SNS and your backup vault for notifications:

1.    Create an SNS topic to send AWS Backup notifications to.
2.    Configure your backup vault to send notifications to the SNS topic.
3.    Create an SNS subscription that filters notifications to backup jobs that are unsuccessful.
4.    Monitor emails for notifications.

Resolution

Create an SNS topic to send AWS Backup notifications to

1.    Open the Amazon SNS console.

2.    From the navigation pane, choose Topics.

3.    Choose Create topic.

4.    For Name, enter a name for the topic.

5.    Choose Create topic.

6.    Under the Details of the topic that you just created, copy the value for ARN (Amazon Resource Name). You need this value for later steps.

7.    Above the Details pane, choose Edit.

8.    Expand Access policy.

9.    In the JSON editor, append the following permissions into the policy:

Important: Replace the value for Resource with the ARN that you copied in step 6.

{
      "Sid": "My-statement-id",
      "Effect": "Allow",
      "Principal": {
        "Service": "backup.amazonaws.com"
      },
      "Action": "SNS:Publish",
      "Resource": "arn:aws:sns:eu-west-1:111111111111:exampletopic"
}

10.    Choose Save changes.

Configure your backup vault to send notifications to the SNS topic

1.    Install and configure the AWS Command Line Interface (AWS CLI).

2.    Using the AWS CLI, run the put-backup-vault-notifications command with --backup-vault-events set to BACKUP_JOB_COMPLETED. Replace the following values in the example command:
--endpoint-url: Enter the endpoint for the AWS Region that your backup vault is in.
--backup-vault-name: Enter the name of your backup vault.
--sns-topic-arn: Enter the ARN of the SNS topic that you created.

aws backup put-backup-vault-notifications --endpoint-url https://backup.eu-west-1.amazonaws.com --backup-vault-name examplevault --sns-topic-arn arn:aws:sns:eu-west-1:111111111111:exampletopic --backup-vault-events BACKUP_JOB_COMPLETED

3.    Run the get-backup-vault-notifications command to confirm that notifications are configured:

aws backup get-backup-vault-notifications --backup-vault-name examplevault

4.    The command returns output similar to the following:

{
    "BackupVaultName": "examplevault",
    "BackupVaultArn": "arn:aws:backup:eu-west-1:111111111111:backup-vault:examplevault",
    "SNSTopicArn": "arn:aws:sns:eu-west-1:111111111111:exampletopic",
    "BackupVaultEvents": [
        "BACKUP_JOB_COMPLETED"
    ]
}

Create an SNS subscription that filters notifications to backup jobs that are unsuccessful

1.    Open the Amazon SNS console.

2.    From the navigation pane, choose Subscriptions.

3.    Choose Create subscription.

4.    For Topic ARN, select the SNS topic that you created.

5.    For Protocol, select Email-JSON.

6.    For Endpoint, enter the email address where you want to get email notifications about failed backup jobs.

7.    Expand Subscription filter policy.

8.    In the JSON editor, enter the following

{
  "State": [
    {
      "anything-but": "COMPLETED"
    }
  ]
}

9.    Choose Create subscription.

10.    The email address that you entered in step 6 receives a subscription confirmation email. Be sure to confirm the SNS subscription.

Monitor emails for notifications

After you configure notifications, you'll receive an email similar to the following when your vault has a backup job that was unsuccessful:

{
  "Type" : "Notification",
  "MessageId" : "example-5276-82f7-9452-2cd40418fc6b",
  "TopicArn" : "arn:aws:sns:eu-west-1:111111111111:exampletopic",
  "Subject" : "Notification from AWS Backup",
  "Message" : "An AWS Backup job was stopped. Resource ARN : arn:aws:ec2:eu-west-1:111111111111:volume/vol-example56d7w92d4b. BackupJob ID : example4-3dd5-5678-b52d-90bd749355a5",
  "Timestamp" : "2019-10-17T11:44:46.421Z",
  "SignatureVersion" : "1",
  "Signature" : "examplegzgRkzlGGenzdZpJs1cL1VeYfUGQXa71b/INaUg2ynWRARwydQ3+up34Qgkl0M54OOkwC8IIeYQ==",
  "SigningCertURL" : "https://sns.eu-west-1.amazonaws.com/SimpleNotificationService-example2f9911b05cd53efda11f913f9.pem",
  "UnsubscribeURL" : "https://sns.eu-west-1.amazonaws.com/?Action=Unsubscribe&SubscriptionArn=arn:aws:sns:eu-west-1:111111111111:exampletopic:example5-b3aa-4de1-b212-0f4ee4a43dcc",
  "MessageAttributes" : {
    "AccountId" : {"Type":"String","Value":"xxxxxx"},
    "EventType" : {"Type":"String","Value":"BACKUP_JOB"},
    "State" : {"Type":"String","Value":"ABORTED"},
    "StartTime" : {"Type":"String","Value":"2019-10-17T11:29:01.533Z"},
    "Id" : {"Type":"String","Value":"example4-3dd5-5678-b52d-90bd716915a5"}
  }
}

You can test notifications by creating two on-demand backups and then stopping one of the backups. You get an email notification for only the stopped backup.


Did this article help you?

Anything we could improve?


Need more help?