Versions Compared

Old Version 3

changes.mady.by.user Alexander Meledin

Saved on

compared with

New Version 4

changes.mady.by.user Alexander Meledin

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Backup and Replication

Cloudaware Backups module is capable of performing scheduled backups of EC2, RDS,RDS Clusters, S3 Instances, Google Discs. Additional plugins are available for backing up MySQL, MongoDB and DynamoDB databases.

Source

Supported Target(s)

Regional Replication Support

Multi-Account Support

Supported Frequencies


AMI

Y

N

Daily, Weekly, Monthly

RDS

RDS Snapshots

Y

N

Daily, Weekly, Monthly

MySQL

S3, Glacier, AWS Storage Gateway

N

N/A

Hourly, Daily, Weekly, Monthly

MongoDB

AMI, S3

Y for AMI

N/A

Hourly, Daily, Weekly, Monthly

DynamoDB

S3

N

Y

Hourly, Daily, Weekly, Monthly

S3

S3

Y

Y

Hourly, Daily, Weekly, Monthly

In order to perform MySQL and MongoDB backups to S3, Cloudaware will need access to the operating system via SSH.


EC2 Instance Backup

Enabling EC2 Instance Backup

Sign in to your Cloudaware account. Go to Admin → Backup. To set up a global backup policy, go to the "Settings" tab and select the account.





















To enable scheduled backups, select the time backups will start on from the list in 'Start at'.

Note

A backup task will back up all non-terminated instances, including instances in a 'stopped' state.

You can also select any instance from the list under the 'EC2 instances' tab and set the backup policy for it. This will override the global backup policy set on the account.

Disabling EC2 Instance Backup

To disable scheduled backups for EC2 Instance, select the instance under question and click ''Remove Policy'':













Note

Existing backups will be stored until they expire according to the backup policy rules. If an instance is terminated, backups are stored as well until they expire.


Backup Metadata

AMI Description will contain the following information about the original instance from which a backup is taken:

  • Instance ID

  • Key

  • Security Group(s)

  • Instance Type

  • Availability Zone

  • Public IP Address

In addition AMI will contain 2 backups tags:

  • Instance ID

  • Policy Type


Cost allocation tags can be applied to AMIs as well. Contact support@cloudaware.com for additional details.


Viewing EC2 Instance Backup Status

By looking at any instance in Cloudaware, we can tell what backup policies are in effect and check their status.

The following fields mark the backup policy and the backup status:

  • Daily Backups (the number of daily snapshots specified by the policy)

  • Daily Backups Status (the actual number of available consecutive AMIs starting from today™s date)


    Tip

    For example, today is the 10th day of a month and Daily Backups field has value of 7 but Daily Backup Status has value of 3.It means that Cloudaware only found backups for the last 3 days and the backups for the other 4 days that should be there are not present.Whenever the backup policy does not equal the backup policy’s status, a backup is missing.


  • Weekly Backups

  • Weekly Backups Status

  • Monthly Backups

  • Monthly Backups Status


In order to view EC2 Instance backups, navigate to an instance of choice.Scroll down until you see a related list called EC2 Instance Backups.


Backup Tags

EC2 backup functionality relies on AWS tags to advise the backup scheduled task on how an instance should be backed up.

AWS backup tag name is: gig-backup

AWS backup tag value is: Nd-Nw-Nm, where N is number of days/weeks/months


Tip

For example, a backup policy 3d-10w-12m creates daily backups every day androtates them over the period of 3 days, a weekly backup which will be rotated over 10weeks and a monthly backup which will be rotated over 12 months. Hyphens can be omitted.


Examples of valid backup tag values:


Tip

1. 3d-10w-12m
2. 4d10w12m
3. 3d-10w
4. 3d
5. 3


3 and 4 are equivalent due to backwards compatibility.


Orphaned Backup Retention

The Orphaned Backup Retention allows to manage an AMI clearing process.When setting up the global backup policy, insert the number of days in the 'Orphaned Retention (Days)' field.


...















Note

If an instance is stopped or has the backup tag removed, the images will still be stored.


EC2 Images Replication

To enable EC2 images replication, add the tag gig-replicate in the following format to an instance:

AWS backup tag name is: gig-replicateAWS backup tag value is: N@REGION (multiple policies should be separated by semicolon) where N is a number of images to replicate and REGION is the destination region.

For example, a replication policy "2@us-west-1; 3@us-west-2" will replicate 2 latest AMIs of the instance to the us-west-1 region and 3 AMIs – to the us-west-2.

Examples of valid replicate tag values:


Tip

10@us-west-1
5@us-west-2; 3@eu-west-1


RDS Instance Backup

RDS Instance backup works exactly the same as EC2 Instance Backup described above with one exception: RDS Snapshots only have tag-based metadata.


S3 Bucket Backup

S3 buckets can be backed up to another S3 bucket within the same or another AWS account. Both source and target accounts have to be added to Cloudaware.


Cloudaware IAM user which is used to access the source bucket must have write access to the target bucket in the target AWS account.


































S3 Backups are using tags. The buckets that need to be backed up must have tags applied in the following format: 1d0w0m@cf-templates-1ajskw0nz6e8-us-east-1

AWS backup tag name is: gig-backupAWS backup tag value is: Nd-Nw-Nm@BucketName-region

For example, the tag 1d0w0m@mybucket-us-east-1 takes the source bucket and copies its content to the target bucket once a day.

Cloudaware creates a directory gig-backup in the target bucket. Inside this directory you can see directories for each source bucket.

Cloudaware automatically deletes folders with data that falls outside the backup policy retention criteria.

  1. Create a target bucket.

  2. Apply the following IAM policy to the target bucket.

BUCKET_NAME is the target bucket. It is assumed that a Cloudaware user already has access to the source buckets.

Ensure that every source Cloudaware account is granted access to the target bucket.

Sample


Code Block
{
  "AWSTemplateFormatVersion" : "2010-09-09",
  "Description" : "Backup Bucket Policies",

  "Resources" : {
    "S3BucketPolicy" : {
      "Type" : "AWS::S3::BucketPolicy",
      "Properties" : {
        "Bucket" : "BUCKET_NAME",
        "PolicyDocument" : {
          "Statement" : [
            {
              "Principal" : { "AWS" : [
                "arn:aws:iam::ACCOUNT_ID_A:user/CloudawareIAMUserA",
                "arn:aws:iam::ACCOUNT_ID_B:user/CloudawareIAMUserB"
              ] },
              "Resource" : [ "arn:aws:s3:::BUCKET_NAME" ],
              "Effect" : "Allow",
              "Action" : [ "s3:List*" ]
            },
            {
              "Principal" : { "AWS" : [
                 "arn:aws:iam::ACCOUNT_ID_A:user/CloudawareIAMUserA",
                "arn:aws:iam::ACCOUNT_ID_B:user/CloudawareIAMUserB"
              ] },
              "Resource" : [ "arn:aws:s3:::BUCKET_NAME/*" ],
              "Effect" : "Allow",
              "Action" : [ "s3:Get*", "s3:Put*", "s3:Delete*" ]
            }
          ]
        }
      }
    }
  }
}