Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Amazon EC2 EBS automatic backup one-liner works manually but not from cron

I am trying to implement an automatic backup system for my EBS on Amazon AWS.

When I run this command as ec2-user:

/opt/aws/bin/ec2-create-snapshot --region us-east-1 -K /home/ec2-user/pk.pem -C /home/ec2-user/cert.pem -d "vol-******** snapshot" vol-********

everything works fine.

But if I add this line into /etc/crontab and restart the crond service:

15 12 * * * ec2-user /opt/aws/bin/ec2-create-snapshot --region us-east-1 -K /home/ec2-user/pk.pem -C /home/ec2-user/cert.pem -d "vol-******** snapshot" vol-********

that doesn't work.

I checked var/log/cron and there is this line, therefore the command gets executed:

Dec 13 12:15:01 ip-10-204-111-94 CROND[4201]: (ec2-user) CMD (/opt/aws/bin/ec2-create-snapshot --region us-east-1 -K /home/ec2-user/pk.pem -C /home/ec2-user/cert.pem -d "vol-******** snapshot" vol-******** )

Can you please help me to troubleshoot the problem?

I guess is some environment problem - maybe the lack of some variable. If that's the case I don't know what to do about it.

Thanks.

like image 252
Dan Avatar asked Dec 13 '12 12:12

Dan


People also ask

How do I automate my EBS backups?

To automate the creation, retention, and deletion of Amazon EBS snapshots, you can use Amazon Data Lifecycle Manager. Automating snapshot management helps you to do the following: Protect valuable data by enforcing a regular backup schedule. Retain backups as required by auditors or internal compliance.

What is the easiest and safest way to backup in Amazon EC2?

If you want to back up an AWS EC2 instance, you should create snapshots of EBS volumes, which are stored with the help of Amazon Simple Storage Service (S3). Snapshots can capture all data within EBS volumes and create their exact copies.

How do I schedule an EC2 backup?

Sign in to the AWS Management Console, and open the AWS Backup console at https://console.aws.amazon.com/backup . From the dashboard, choose Manage Backup plans. Or, using the navigation pane, choose Backup plans and choose Create Backup plan.


1 Answers

You should consider taking advantage of AWS's new IAM Roles functionality. Essentially what you do is create a new role in the IAM control panel and then assign it rights to create snapshots. The policy you would need to attach to the role would look something like this:

{
  "Statement": [
    {
      "Sid": "Stmt1355446824880",
      "Action": [
        "ec2:CreateSnapshot",
        "ec2:DescribeSnapshots",
        "ec2:DescribeVolumes"
      ],
      "Effect": "Allow",
      "Resource": "*"
    }
  ]
}

Then when you create your instance, you define the IAM role in the launch configuration (it's under "advanced settings"). The effect is that your instance now automatically has permission to create snapshots and you don't have to worry about storing the access keys or other credentials anywhere on the instance. It will work via cron without issue.

like image 66
jamieb Avatar answered Oct 26 '22 18:10

jamieb