How can I automate Amazon EBS snapshot management using Amazon Data Lifecycle Manager?
Last updated: 2019-10-08
I want to automate the creation, retention, and deletion of Amazon Elastic Block Store (Amazon EBS) snapshots used for backing up my Amazon EBS volumes. How do I do that?
Amazon Data Lifecycle Manager (Amazon DLM) is an automated procedure to back up the data stored on your Amazon EBS volumes. Use Amazon DLM to create lifecycle policies to automate snapshot management.
Create a lifecycle policy in Amazon DLM:
1. In the Amazon Elastic Compute Cloud (Amazon EC2) console, under Elastic Block Store, select Lifecycle Manager.
2. Select Create Snapshot Lifecycle Policy.
3. Enter a Description for the policy.
4. Select a resource type. Select Volume if you want to schedule snapshots for volumes with a specific tag. Select Instance if you want to schedule snapshots for all volumes attached to an instance with a specific tag.
5. Select the tags associated with the Amazon EBS volume or Amazon EC2 instance, depending on the resource type selected in step 4.
6. Add a Schedule name to your policy. Any snapshot created with this policy is automatically tagged with the schedule name entered here.
7. Enter the number of hours that will elapse between policy runs.
8. Enter the policy run start time. Snapshot creation starts within one hour of the specified start time.
9. Set the Retention rule to the maximum number of snapshots that you want to retain. When the number of snapshots exceeds this maximum, the oldest snapshot is deleted.
10. Optionally, select Copy Tags from volume to copy all user-defined tags on a source volume to snapshots of the volume created by this policy.
11. Optionally, add additional tags to the created snapshots by selecting Add Tag. These tags are in addition to any tags that were copied from the volumes or added as default by Amazon DLM.
12. Select an AWS Identity and Access Management (IAM) role that has snapshot create and delete permissions. The Default role has the required permissions. If you don't want to use the default role, you can create a new role with the required permissions using the IAM console. Select the new role when creating your lifecycle policy. The following permissions are required for a role to use Amazon DLM:
"ec2:CreateSnapshot", "ec2:CreateSnapshots", "ec2:DeleteSnapshot", "ec2:DescribeVolumes", "ec2:DescribeInstances", "ec2:DescribeSnapshots"
13. Review the Policy Summary to verify that the specified rules meet your requirements.
14. Select Enable policy to start the policy runs at the next scheduled time. If Enable policy is not selected, the policy will not create or delete snapshots.
15. Select Create Policy.
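If you create your own role in step 12, you can check its permissions policy against the six required actions before you attach it. The following is an added example, not code from AWS: the function names and the sample policy are constructed for illustration, and the check reads only the Action lists of Allow statements (Resource, Condition, NotAction, and Deny are not evaluated).

```python
import fnmatch

# The six actions this article lists as required for a role used by Amazon DLM.
REQUIRED_ACTIONS = [
    "ec2:CreateSnapshot", "ec2:CreateSnapshots", "ec2:DeleteSnapshot",
    "ec2:DescribeVolumes", "ec2:DescribeInstances", "ec2:DescribeSnapshots",
]

# Constructed sample: a custom role policy that is missing one required
# action and grants more than Amazon DLM needs.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Action": ["ec2:CreateSnapshot", "ec2:DeleteSnapshot", "ec2:Describe*"],
         "Resource": "*"},
        {"Effect": "Allow", "Action": "ec2:TerminateInstances", "Resource": "*"},
    ],
}

def _as_list(value):
    """IAM accepts a single item or a list for Statement and Action."""
    return value if isinstance(value, list) else [value]

def _allow_patterns(policy):
    """Collect the Action patterns of every Allow statement."""
    patterns = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") == "Allow" and "Action" in stmt:
            patterns += _as_list(stmt["Action"])
    return patterns

def audit_dlm_role_policy(policy):
    """Return (missing, excess) for a role's permissions policy document.

    missing: required actions that no Allow pattern covers.
    excess:  Allow patterns that are not exactly one of the required actions,
             including wildcards, listed for least-privilege review.
    """
    patterns = _allow_patterns(policy)
    required = {a.lower() for a in REQUIRED_ACTIONS}
    # IAM action names are case-insensitive and support * and ? wildcards.
    missing = [a for a in REQUIRED_ACTIONS
               if not any(fnmatch.fnmatchcase(a.lower(), p.lower()) for p in patterns)]
    excess = [p for p in patterns if p.lower() not in required]
    return missing, excess
```

For the sample policy, the check reports ec2:CreateSnapshots as missing and flags ec2:Describe* and ec2:TerminateInstances as broader than the required set.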