How do I set up VSS backup in AWS Backup?

Short description

To create application-consistent backups, use the AWS Backup console to take a Windows Volume Shadow Copy Service (VSS) snapshot.

To use AWS Backup to set up VSS backups for Windows EC2 instances, complete the following steps:

1. If you don't already have an EC2 instance, then create an instance.
2. Set up AWS Systems Manager for the EC2 instance.
3. Update the AWS Systems Manager Agent (SSM Agent) that's installed when you associate the EC2 instance.
4. Use SSM Agent to install the AWSVSSComponents package on the EC2 instance.
5. Create an EC2 role with permissions to take VSS backups, and then attach the role to the EC2 instance.
6. Use AWS Backup to take a backup of the EC2 instance.

To create VSS backups, make sure that you complete all of the prerequisites before you begin.

Resolution

Note: If you receive errors when you run AWS Command Line Interface (AWS CLI) commands, then see Troubleshooting errors for the AWS CLI. Also, make sure that you're using the most recent AWS CLI version.

Create an EC2 instance

If you don't have an EC2 instance, then create an instance. You must use a supported instance size and operating system (Windows Server 2012 or later). You can't use the following unsupported instance sizes for VSS backups:

• t3.nano
• t3.micro
• t3a.nano
• t3a.micro
• t2.nano
• t2.micro

Set up Systems Manager on your EC2 instance

If you already set up Systems Manager on your instance, then proceed to the next section. Otherwise, complete the following steps:

1. Open the Systems Manager console.
2. In the navigation pane, choose Quick Setup, and then choose Get started.
3. For Host Management, choose Create.
4. In the Configuration options section, choose the options that you want to allow for your configuration.
5. In the Targets section, choose how you want to configure your host management.
6. Choose Create.
7. To verify that your instance is associated with Systems Manager, run the describe-instance-associations-status AWS CLI command:

   aws ssm describe-instance-associations-status --instance-id your_instance_id

   Note: Replace your_instance_id with your value.

Update the SSM Agent that's installed when you associate your instance with Systems Manager

SSM Agent is preinstalled on certain EC2 instance types.

To update SSM Agent, complete the following steps:

1. Open the Systems Manager console.
2. In the navigation pane, under Node Tools, choose Run Command, and then choose Run a Command.
3. Search for and then choose AWS-UpdateSSMAgent.
4. Under Target selection, use tags or a resource group to select your instance. You can also manually select instances.
5. (Optional) Choose configurations for output options, Amazon CloudWatch alarms, and Amazon Simple Notification Service (Amazon SNS) notifications.
6. Choose Run.

Install the AWSVSSComponents package on the EC2 instance

To install the VSS package, complete the following steps:

1. Open the Systems Manager console.
2. In the navigation pane, under Node Tools, choose Run Command, and then choose Run a Command.
3. Search for and then choose AWS-ConfigureAWSPackage.
4. In the Command parameters section, for Action, choose Install. For Name, choose AwsVssComponents. Leave the Version box empty so that Systems Manager installs the latest version.
5. Under Target selection, use tags or a resource group to select your instance. You can also manually select your instance.
6. (Optional) Choose configurations for output options, CloudWatch alarms, and Amazon SNS notifications.
7. Choose Run.

Create an EC2 role with permissions to take VSS backups

To create a VSS backup, attach additional permissions to the EC2 instance role. Complete the following steps to create a policy, attach the policy to a role, and then attach the role to your EC2 instance.

1. Create an AWS Identity and Access Management (IAM) policy. The policy must be similar to the policy that's shown in Use an IAM managed policy to grant permissions for VSS based snapshots.
2. Create an IAM role called VssSnapshotRole. Attach the policy that you created in step 1 to this IAM role. Then, attach the AWS managed policy AmazonSSMManagedInstanceCore to the role.
3. Attach your IAM role to the EC2 instance.

Use AWS Backup to take a backup of the EC2 instance

Complete the following steps:

1. Open the AWS Backup console.
2. In the navigation pane, under My account, choose Dashboard.
3. Choose Create on-demand backup.
4. In the Settings section, for Resource type, choose EC2. Add the details of your EC2 instance.
5. In the Advanced backup settings section, select the Windows VSS checkbox.
6. Choose Create on-demand backup.

You can also use a backup plan to create backups. If you use this method, then make sure that you select the Windows VSS checkbox in your backup plan.

Note: Your EC2 instance must not be in the Stopped state when the VSS backup is running.

Review the results

A backup job with a status of Completed doesn't mean that the VSS operation is successful. To determine if a backup is application-consistent, crash-consistent, or failed, complete the following steps:

1. Open the AWS Backup console.
2. In the navigation pane, under My Account, choose Jobs.
3. Check the status of your backup job. You see one of the following statuses:
   A Completed status indicates that the backup is successful and the application is consistent (VSS).
   A Completed status with a green warning sign indicates that the VSS operation failed and that AWS Backup created only a regular backup.
   A Failed status means that the backup is unsuccessful.
4. To view additional details for the backup, choose the individual backup job. For example, the details might indicate that the VSS backup failed because of a timeout during the VSS-activated snapshot creation. To troubleshoot VSS errors, see How do I troubleshoot Amazon EC2 VSS failures in AWS Backup?