람다 부분에 대한 설명 위주로 합니다.
AWS Backup vault를 만드는 방법은 다루지 않습니다.
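아래 정책은 AWS Backup job을 생성하기 위해 필요합니다. 첫 번째 정책은 복원 작업 시작과 복구 지점 조회 권한이고, 두 번째 정책은 백업 작업 시작(backup:StartBackupJob) 권한과 AWSBackupDefaultServiceRole에 대한 iam:PassRole 권한입니다. 예제에서는 "Resource": "*"를 사용하지만, 실제 환경에서는 대상 백업 볼트나 복구 지점의 ARN으로 범위를 좁히는 것이 좋습니다. 또한 아래 람다 코드는 describe_instances를 호출하므로 ec2:DescribeInstances 권한도 필요합니다.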
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"backup:StartRestoreJob",
"backup:DescribeRestoreJob",
"backup:ListBackupVaults",
"backup:ListRecoveryPointsByBackupVault",
"backup:GetRecoveryPointRestoreMetadata"
],
"Resource": "*"
}
]
}
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "StartBackupJobPermission",
"Effect": "Allow",
"Action": "backup:StartBackupJob",
"Resource": "*"
},
{
"Sid": "PassRolePermission",
"Effect": "Allow",
"Action": "iam:PassRole",
"Resource": [
"arn:aws:iam::xxxxxxxxxxxx:role/service-role/AWSBackupDefaultServiceRole"
]
}
]
}
import boto3
# Both clients are built once at import time, so every handler call in the
# same process reuses them instead of constructing new ones.

# EC2 client: used to look up the instance that should be backed up.
ec = boto3.client("ec2")

# AWS Backup client: used to start the on-demand backup job.
backup_client = boto3.client("backup")
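def get_instances_with_asg_name_tag():
    """Return the EC2 instances tagged Name=2nd-asg-img that can still be backed up.

    Returns:
        A flat list of instance dicts taken from every reservation in the
        describe_instances response; empty when nothing matches.
    """
    reservations = ec.describe_instances(
        Filters=[
            {
                'Name': 'tag:Name',
                'Values': ['2nd-asg-img']
            },
            # A terminated instance keeps its tags and stays visible to
            # describe_instances for a while. Without this filter such an
            # instance could be picked as the backup target and the job
            # would fail.
            {
                'Name': 'instance-state-name',
                'Values': ['pending', 'running', 'stopping', 'stopped']
            },
        ]
    ).get('Reservations', [])
    # Flatten in a single pass; sum(lists, []) re-copies the accumulated list
    # for every reservation.
    return [
        instance
        for reservation in reservations
        for instance in reservation['Instances']
    ]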
def start_backup_job(backup_vault_name, iam_role_arn, resource_arn):
    """Start an on-demand AWS Backup job and return its job ID.

    Args:
        backup_vault_name: Name of the backup vault, sent as BackupVaultName.
        iam_role_arn: ARN of the role sent as IamRoleArn.
        resource_arn: ARN of the resource to back up, sent as ResourceArn.

    Returns:
        The 'BackupJobId' value from the start_backup_job response.
    """
    request = {
        'BackupVaultName': backup_vault_name,
        'ResourceArn': resource_arn,
        'IamRoleArn': iam_role_arn,
    }
    job_id = backup_client.start_backup_job(**request)['BackupJobId']
    # The job ID is printed so the started job can be found again from the
    # function's output.
    print(f"Started backup job with ID: {job_id}")
    return job_id
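def lambda_handler(event, context):
    """Lambda entry point: start an on-demand backup of the tagged EC2 instance.

    Looks up instances with get_instances_with_asg_name_tag() and starts a
    backup job for the first one into the "2nd-mission-backup-vault" vault.

    Args:
        event: Invocation payload (not read).
        context: Lambda runtime context (not read).

    Returns:
        A dict with a 'message' key. The success message is returned only
        when a backup job was actually started.
    """
    instances_to_backup = get_instances_with_asg_name_tag()
    if not instances_to_backup:
        # Never report success for a no-op: if the instance is missing or was
        # re-tagged, a "success" reply would hide that no backup exists.
        print("No instance found to back up; no backup job was started.")
        return {
            'message': 'No matching instance found; backup job was not started.'
        }

    # Only the first matching instance is backed up; any others are ignored.
    instance_id = instances_to_backup[0]['InstanceId']
    # Region and account ID are hard-coded here; "xxxxxxxxxxxx" appears to be
    # a redacted account ID and must be replaced with the real one.
    instance_arn = f"arn:aws:ec2:ap-northeast-2:xxxxxxxxxxxx:instance/{instance_id}"
    backup_vault_name = "2nd-mission-backup-vault"
    # The function's own role needs iam:PassRole on this role for the call to
    # be accepted (see the PassRolePermission statement in the policy).
    iam_role_arn = "arn:aws:iam::xxxxxxxxxxxx:role/service-role/AWSBackupDefaultServiceRole"
    start_backup_job(backup_vault_name, iam_role_arn, instance_arn)
    return {
        'message': 'Backup job initiated successfully.'
    }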
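def get_instances_with_asg_name_tag():
    """Return the EC2 instances tagged Name=2nd-asg-img that can still be backed up.

    Returns:
        A flat list of instance dicts taken from every reservation in the
        describe_instances response; empty when nothing matches.
    """
    reservations = ec.describe_instances(
        Filters=[
            {
                'Name': 'tag:Name',
                'Values': ['2nd-asg-img']
            },
            # A terminated instance keeps its tags and stays visible to
            # describe_instances for a while. Without this filter such an
            # instance could be picked as the backup target and the job
            # would fail.
            {
                'Name': 'instance-state-name',
                'Values': ['pending', 'running', 'stopping', 'stopped']
            },
        ]
    ).get('Reservations', [])
    # Flatten in a single pass; sum(lists, []) re-copies the accumulated list
    # for every reservation.
    return [
        instance
        for reservation in reservations
        for instance in reservation['Instances']
    ]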
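def lambda_handler(event, context):
    """Lambda entry point: start an on-demand backup of the tagged EC2 instance.

    Looks up instances with get_instances_with_asg_name_tag() and starts a
    backup job for the first one into the "2nd-mission-backup-vault" vault.

    Args:
        event: Invocation payload (not read).
        context: Lambda runtime context (not read).

    Returns:
        A dict with a 'message' key. The success message is returned only
        when a backup job was actually started.
    """
    instances_to_backup = get_instances_with_asg_name_tag()
    if not instances_to_backup:
        # Never report success for a no-op: if the instance is missing or was
        # re-tagged, a "success" reply would hide that no backup exists.
        print("No instance found to back up; no backup job was started.")
        return {
            'message': 'No matching instance found; backup job was not started.'
        }

    # Only the first matching instance is backed up; any others are ignored.
    instance_id = instances_to_backup[0]['InstanceId']
    # Region and account ID are hard-coded here; "xxxxxxxxxxxx" appears to be
    # a redacted account ID and must be replaced with the real one.
    instance_arn = f"arn:aws:ec2:ap-northeast-2:xxxxxxxxxxxx:instance/{instance_id}"
    backup_vault_name = "2nd-mission-backup-vault"
    # The function's own role needs iam:PassRole on this role for the call to
    # be accepted (see the PassRolePermission statement in the policy).
    iam_role_arn = "arn:aws:iam::xxxxxxxxxxxx:role/service-role/AWSBackupDefaultServiceRole"
    start_backup_job(backup_vault_name, iam_role_arn, instance_arn)
    return {
        'message': 'Backup job initiated successfully.'
    }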
def start_backup_job(backup_vault_name, iam_role_arn, resource_arn):
    """Start an on-demand AWS Backup job and return its job ID.

    Args:
        backup_vault_name: Name of the backup vault, sent as BackupVaultName.
        iam_role_arn: ARN of the role sent as IamRoleArn.
        resource_arn: ARN of the resource to back up, sent as ResourceArn.

    Returns:
        The 'BackupJobId' value from the start_backup_job response.
    """
    request = {
        'BackupVaultName': backup_vault_name,
        'ResourceArn': resource_arn,
        'IamRoleArn': iam_role_arn,
    }
    job_id = backup_client.start_backup_job(**request)['BackupJobId']
    # The job ID is printed so the started job can be found again from the
    # function's output.
    print(f"Started backup job with ID: {job_id}")
    return job_id
람다가 실행되면 AWS Backup > Jobs에서 아래와 같이 백업 작업이 생성된 것을 확인할 수 있음.
백업이 성공하면 Backup vaults에 저장됨.