I am trying to implement an automatic backup system for my EBS on Amazon AWS.
When I run this command as ec2-user
:
/opt/aws/bin/ec2-create-snapshot --region us-east-1 -K /home/ec2-user/pk.pem -C /home/ec2-user/cert.pem -d "vol-******** snapshot" vol-********
everything works fine.
But if I add this line into /etc/crontab
and restart the crond
service:
15 12 * * * ec2-user /opt/aws/bin/ec2-create-snapshot --region us-east-1 -K /home/ec2-user/pk.pem -C /home/ec2-user/cert.pem -d "vol-******** snapshot" vol-********
that doesn't work.
I checked var/log/cron
and there is this line, therefore the command gets executed:
Dec 13 12:15:01 ip-10-204-111-94 CROND[4201]: (ec2-user) CMD (/opt/aws/bin/ec2-create-snapshot --region us-east-1 -K /home/ec2-user/pk.pem -C /home/ec2-user/cert.pem -d "vol-******** snapshot" vol-******** )
Can you please help me to troubleshoot the problem?
I guess is some environment problem - maybe the lack of some variable. If that's the case I don't know what to do about it.
Thanks.
To automate the creation, retention, and deletion of Amazon EBS snapshots, you can use Amazon Data Lifecycle Manager. Automating snapshot management helps you to do the following: Protect valuable data by enforcing a regular backup schedule. Retain backups as required by auditors or internal compliance.
If you want to back up an AWS EC2 instance, you should create snapshots of EBS volumes, which are stored with the help of Amazon Simple Storage Service (S3). Snapshots can capture all data within EBS volumes and create their exact copies.
Sign in to the AWS Management Console, and open the AWS Backup console at https://console.aws.amazon.com/backup . From the dashboard, choose Manage Backup plans. Or, using the navigation pane, choose Backup plans and choose Create Backup plan.
You should consider taking advantage of AWS's new IAM Roles functionality. Essentially what you do is create a new role in the IAM control panel and then assign it rights to create snapshots. The policy you would need to attach to the role would look something like this:
{
"Statement": [
{
"Sid": "Stmt1355446824880",
"Action": [
"ec2:CreateSnapshot",
"ec2:DescribeSnapshots",
"ec2:DescribeVolumes"
],
"Effect": "Allow",
"Resource": "*"
}
]
}
Then when you create your instance, you define the IAM role in the launch configuration (it's under "advanced settings"). The effect is that your instance now automatically has permission to create snapshots and you don't have to worry about storing the access keys or other credentials anywhere on the instance. It will work via cron without issue.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With