未加星标

Bash script to automate EBS volume snapshot

字体大小 | |
[系统(linux) 所属分类 系统(linux) | 发布者 店小二05 | 时间 2016 | 作者 红领巾 ] 0人收藏点击收藏

This will be a nugget on how to automate EBS volume snapshot using a bash script.

Need for EBS snapshot:

Data backup is of utmost importance to avoid single point of failure and to restore to a specific point in time in case of corruption. EBS volume snapshot is one of the most resilient way by which you can backup your data in AWS. Using a snapshot, you can create a new AMI and in turn launch a new instance with that AMI. You’ll be ready with the setup identical to the time when the snapshot was taken. It is recommended to take EBS snapshot periodically for data backup

You can read more on what EBS snapshot is and how incremental snapshot works here

Where Can I run this script from ?

You can run this script from your local, a Jump / Bastion server or even from any of the server for which you would like to take EBS snapshot for. We will run the script as part of cron job to make it run at specified interval. So running it from your local machine is not recommended.

Pre-Requisites

There are few pre-requisites that you need to complete for the script to work as expected.

Firstly you need to have the “aws cli” installed in the server from which the script will be run. You should have API keys of an IAM user who has access to Read EC2 information, create and delete EBS snapshots. jq to parse the json output of aws cli commands

Install aws cli:

You can refer this for manually installing aws cli for various distribution. If you are running the script from an EC2 instance, then installing aws cli is simple.

Debian/Ubuntu:

# apt-get install awscli

RedHat/CentOS:

# yum install awscli

Create IAM user:

You can refer this for creating an IAM user. Attach a policy that contains the below set of rules for the IAM user.

{
"Version": "2012-10-17",
"Statement": [
{"Effect": "Allow","Action": [ "ec2:Describe*", "ec2:CreateTags", "ec2:CreateSnapshot", "ec2:DeleteSnapshot", "ec2:DescribeSnapshots"],"Resource": "*"
}
]
}

Configure aws cli

Execute the below command to configure aws cli

# aws configure
AWS Access Key ID [None]: <Access Key>
AWS Secret Access Key [None]: <Secret Key>
Default region name [None]: <region>
Default output format [None]: <ENTER>

The configuration wizard will ask you to enter the Access Key, Secret Key, Default Region and the output format. You can pass in the Access and Secret Key of IAM user which you have created in the previous step. By default the output format is json and you can leave it as default.

Install jq

Debian/Ubuntu:

# apt-get install jq

RedHat/CentOS:

# yum install jq Bash script to automate EBS volume snapshot #!/bin/bash ACTION=$1 AGE=$2 if [ -z $ACTION ]; then echo "Usage $1: Define ACTION of backup or delete" exit 1 fi if [ "$ACTION" == "delete" ] && [ -z $AGE ]; then echo "Please enter the age of backups you would like to delete" exit 1 fi function backup_ebs () { prod_instances=`awsec2describe-instances --filters "Name=tag-value,Values=prod*" | jq -r ".Reservations[].Instances[].InstanceId"` for instancein $prod_instances do volumes=`awsec2describe-volumes --filterName=attachment.instance-id,Values=$instance | jq .Volumes[].VolumeId | sed 's/\"//g'` for volumein $volumes do echoCreatingsnapshotfor $volume $(awsec2create-snapshot --volume-id $volume --description "ebs-backup-script") done done } function delete_snapshots () { for snapshotin $(awsec2describe-snapshots --filtersName=description,Values=ebs-backup-script | jq .Snapshots[].SnapshotId | sed 's/\"//g') do SNAPSHOTDATE=$(awsec2describe-snapshots --filtersName=snapshot-id,Values=$snapshot | jq .Snapshots[].StartTime | cut -d T -f1 | sed 's/\"//g') STARTDATE=$(date +%s) ENDDATE=$(date -d $SNAPSHOTDATE +%s) INTERVAL=$[ (STARTDATE - ENDDATE) / (60*60*24) ] if (( $INTERVAL >= $AGE )); then echo "Deleting snapshot --> $snapshot" awsec2delete-snapshot --snapshot-id $snapshot fi done } case $ACTIONin "backup") backup_ebs ;; "delete") delete_snapshots ;; esac Script run through The script takes two parameters ACTION and AGE . ACTION can either be backup or delete . ( ReferStep 3 and 4 ) If the ACTION is delete , then the script expects another parameter AGE . ( Refer Step 12 to 16 ) AGE takes a number and defines the snapshot to be removed in terms of days. For eg, value of 5 will remove snapshots older than 5 days. Based on ACTION , relevant function is called through case statement. ( Refer Step 54 to 64 ) The backup_ebs function first gets the list of instance that has a tag-value that starts with prod ( ― filters “Name=tag-value,Values=prod*” ). The resulting list is assigned to a variable called prod_instances. You can customize the filter as per your need. If you do not enforce a filter, then you will get a list of all the instances running in the Region. ( Refer Step 20 ) Based on the instance id list generated in the previous step, it is then passed through a loop to get the id’s of the volume attached to each instance. ( Refer Step 22 to 25 ) The volume list is further passed into another nested loop where the snapshot is taken against each volume. ( Refer Step 27 to 30 ). While taking snapshot, it is given the description “ ebs-backup-script “ in order to identify that the snapshot was taken by the script ( ― description “ebs-backup-script” ). The delete_snapshots function first gets a list of snapshots available with the description “ ebs_backup-script “. This is to make sure that we do not delete snapshots that were generated manually by a different team/member. ( Refer Step 37 ) The snapshot start time is stored in the variable SNAPSHOTDATE. ( Refer Step 40 ) The present time is stored in seconds in the variable STARTDATE. ( Refer Step 41 ) The end time is stored in seconds based of of the snapshot start time in the variable ENDDATE. ( Refer Step 42 ) The INTERVAL of the snapshot is calculated based on

本文系统(linux)相关术语:linux系统 鸟哥的linux私房菜 linux命令大全 linux操作系统

主题: EBSDebianUbuntuTICTI
分页:12
转载请注明
本文标题:Bash script to automate EBS volume snapshot
本站链接:http://www.codesec.net/view/481197.html
分享请点击:


1.凡CodeSecTeam转载的文章,均出自其它媒体或其他官网介绍,目的在于传递更多的信息,并不代表本站赞同其观点和其真实性负责;
2.转载的文章仅代表原创作者观点,与本站无关。其原创性以及文中陈述文字和内容未经本站证实,本站对该文以及其中全部或者部分内容、文字的真实性、完整性、及时性,不作出任何保证或承若;
3.如本站转载稿涉及版权等问题,请作者及时联系本站,我们会及时处理。
登录后可拥有收藏文章、关注作者等权限...
技术大类 技术大类 | 系统(linux) | 评论(0) | 阅读(34)