Automated EBS snapshots using Amazon CloudWatch Events
Amazon CloudWatch is a monitoring service for AWS cloud resources and the applications running on it. CloudWatch helps you to collect and track metrics for your AWS resources. You can configure alarm to help you react when changes happen to your resources. For example, you can create a alarm when your EC2 instance is utilizing more CPU than the normal usage limit.
You can do more than creating alarm by leveraging the CloudWatch Events feature. In this tutorial, we are going to see the one such use case of CloudWatch Events where you can automate the EBS(Elastic Block Storage) snapshots creation.
What is CloudWatch Events?
Amazon CloudWatch Events helps you to respond to the changes in your AWS resources and to take the necessary corrective actions. With CloudWatch Events you can schedule automated actions using cron or rate expressions.
Prerequisites for this tutorial
- You must have an active AWS account and access to AWS management console.
- An EBS volume for which snapshot creation will be automated. Ideally you can have a EBS backed EC2 instance. You can refer the post launching EC2 instance for detailed steps to spin up the EC2 instance.
Create CloudWatch Events rule
- Open the CloudWatch console (https://console.aws.amazon.com/cloudwatch/).
- For this example, I’m using the region EU (Frankfurt).
- Choose Events in the left navigation pane. Then choose Create rule.
- For the Event Source, choose Schedule.
- For this example, we are going to schedule the EBS snapshots at fixed rate interval. So choose the
Fixed rate ofoption and enter the value as 5 minutes.
- Choose Add target. Select the
EC2 CreateSnapshot API callfrom the drop down.
- For Volume ID, grab your EBS volume ID and paste it here. Then choose Configure details.
Note: To get EBS volume ID, go to EC2 console and choose Volumes under ELASTIC BLOCK STORE in left navigation pane.
- In the next step, provide the details for Rule definition. Enter the name for Rule and optional description.
- For AWS permissions, choose Create new role. Then select Basic events execution role. This automatically creates a new IAM role which will allow CloudWatch to access your EC2 resources.
- Now you will be taken to IAM console which will request your permission to access the resources in your AWS account.
- Give the Role Name of your choice. For this example, I have given the name as
- You can review the policy document which is attached for this IAM role.
- Choose View Policy Document. You should see the policy listed in JSON format.
- You can edit the policy document as per your need. For example, you might not want to allow the
ec2:TerminateInstancesaction for the role. For this tutorial, I’m leaving the default policy document unchanged. Now choose Allow.
- Now you will be taken back to Configure rule details page with the IAM role selected.
- Choose Create rule.
- You should now see the Success message for rule created.
Check your EBS Snapshots
You have created the CloudWatch Events rule to automate the EBS snapshots creation at a fixed interval of 5 minutes. Now go ahead to the EC2 console and check the Snapshots under ELASTIC BLOCK STORE in the left navigation pane.
After a 5 minutes interval, you should see the EBS snapshot created.
Clean up your resources
Disable or delete the CloudWatch Events rule
Go to the CloudWatch console and disable or delete the events rule.
Clean up the EC2 instance and EBS volume
In case if you have launched the EC2 instance for this tutorial, stop or terminate those in order to stop incurring charges.
Make sure to delete the EBS volume if you have created it for this tutorial. Also delete the EBS snapshot which is created automatically if you do not need it.
Delete the AWS Events IAM role
Go to the IAM console and delete the IAM role (
My_AWS_Events_Role) created as part of this tutorial.
You can do more with the CloudWatch Events. Go through the AWS documentation to explore the various options possible with CloudWatch Events. For example, using Events you can invoke AWS Lambda function to update DNS entries when your EC2 instance is ready.
If you have any questions , please post in the comments section. Thank you!