Backup: Not including new EC2 which is correctly tagged

0

Hi, I've been using AWS Backup successfully for many months to backup an EC2 instance which has a tag 'Backup' with a value of 'production'. Recently I started up another EC2 instance, tagged it as the other instance, and expected it to be backed up - it wasn't.

Is there a way of doing a dry run to try to determine why this new instance is not being backed up? Or do I need to delete the rule and recreate it each time I add a new tagged resource? I would hope this isn't the case!

Thanks

Houdi
asked 6 months ago · 291 views
2 Answers
0

Hello.

If you have already set up a backup plan that targets EC2 instances with the tag 'Backup' and value 'production', you shouldn't need to recreate the rule each time you launch a new similarly-tagged EC2 instance.

Here are some steps and checks you can perform to troubleshoot the issue:

Backup Policy Check: Go to the AWS Backup console. Check the backup plan and its associated rules to make sure it's looking for the correct tag and value.

IAM Permissions: AWS Backup requires permissions to back up specific resources. Make sure that the IAM role associated with AWS Backup has the required permissions to back up EC2 instances.

Event Log: Check the CloudWatch Logs or AWS Backup event log to see if there were any errors or warnings during the backup process. This might give you more insights into what went wrong.

Initiate Manual Backup: As a test, try to manually create a recovery point for the new EC2 instance from the AWS Backup console. This can help determine if the issue is with automated backups or something more fundamental.

Resource Selection: Go to the AWS Backup console > Resource selection > Check if the new EC2 instance is listed. If it's not listed, AWS Backup might not be recognizing it due to some issue (e.g., permissions, region mismatch).

Regards, Andrii

EXPERT
answered 6 months ago
  • Thanks for responding. There are no logs at all in CloudWatch for any of my services - I've had Backup running for several months but there are no logs showing for it. I've also got logging turned on for DNS queries and that also doesn't show in CloudWatch. IAM permissions must be correct as the current instance is being backed up.

    Update: The backup image has just appeared yet it shows a creation time of 06:00 (UTC+1) which was five hours ago. I'm guessing it must be a delay. I'm relieved if that's all it was!

    Thanks for your check list. I'd be interested to know how to get backup logs to appear in CloudWatch as I'm not able to get any services to log to it.
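The dry run the question asks for, as an added example that is not part of this thread or of AWS's own tooling: it re-implements AWS Backup's documented resource-assignment semantics locally over the BackupSelection dict that backup:GetBackupSelection returns, so you can see why an instance's ARN and tags do or do not satisfy a plan's selection (the answer's "Backup Policy Check" and "Resource Selection" steps). The selection, ARNs and tags below are constructed; fnmatch stands in for AWS's wildcard matching, and the treatment of absent tags under the negated operators is an assumption.

```python
"""Dry run for an AWS Backup tag selection: would this EC2 instance be picked up?
Operates on the "BackupSelection" dict returned by backup:GetBackupSelection.
AWS semantics: Resources, ListOfTags and Conditions are ANDed; entries within
ListOfTags are ORed; entries within Conditions are ANDed; tags are case-sensitive."""
import fnmatch

def _tag_condition_holds(cond: dict, tags: dict) -> bool:
    # Conditions keys look like "aws:ResourceTag/Backup"; ListOfTags keys are bare.
    key = cond["ConditionKey"].removeprefix("aws:ResourceTag/")
    want, have = cond["ConditionValue"], tags.get(key)
    kind = cond["ConditionType"].upper()
    if kind == "STRINGEQUALS":
        return have == want
    if kind == "STRINGLIKE":  # fnmatch approximates AWS's '*' / '?' wildcards
        return have is not None and fnmatch.fnmatchcase(have, want)
    if kind == "STRINGNOTEQUALS":  # assumed: an absent tag satisfies the negations
        return have != want
    if kind == "STRINGNOTLIKE":
        return have is None or not fnmatch.fnmatchcase(have, want)
    raise ValueError(f"unsupported condition type {cond['ConditionType']}")

def selection_mismatch_reasons(selection: dict, instance_arn: str, tags: dict) -> list:
    """Return [] if the instance would be selected, otherwise the reasons it would not."""
    reasons = []
    if any(fnmatch.fnmatchcase(instance_arn, p) for p in selection.get("NotResources", [])):
        reasons.append("ARN is excluded by NotResources")
    arns = selection.get("Resources", [])
    if arns and not any(fnmatch.fnmatchcase(instance_arn, p) for p in arns):
        reasons.append("ARN matches none of Resources")
    list_of_tags = selection.get("ListOfTags", [])
    if list_of_tags and not any(_tag_condition_holds(c, tags) for c in list_of_tags):
        reasons.append("no ListOfTags entry matches (check exact case of key and value)")
    for kind, conds in selection.get("Conditions", {}).items():
        for c in conds:  # each entry carries only key/value; the operator is the dict key
            if not _tag_condition_holds({**c, "ConditionType": kind}, tags):
                reasons.append(f"Conditions.{kind} {c['ConditionKey']}={c['ConditionValue']} not met")
    return reasons

# Constructed sample: the selection from the thread (EC2 instances tagged Backup=production),
# one correctly tagged instance and one whose tag value differs only in case.
SAMPLE_SELECTION = {
    "Resources": ["arn:aws:ec2:*:*:instance/*"],
    "Conditions": {"StringEquals": [{"ConditionKey": "aws:ResourceTag/Backup",
                                     "ConditionValue": "production"}]},
}
GOOD_ARN = "arn:aws:ec2:eu-west-1:123456789012:instance/i-0abc000000000001"
BAD_ARN = "arn:aws:ec2:eu-west-1:123456789012:instance/i-0abc000000000002"
if __name__ == "__main__":
    print(selection_mismatch_reasons(SAMPLE_SELECTION, GOOD_ARN, {"Backup": "production"}))
    print(selection_mismatch_reasons(SAMPLE_SELECTION, BAD_ARN, {"Backup": "Production"}))
```

Feed it the real dict from `aws backup get-backup-selection` and the instance's tags from `aws ec2 describe-instances` to check a live plan; an empty list means the selection itself is not the problem and the delay or logging checks in the answers are the next place to look.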

0

Ensure that the IAM role attached to AWS Backup has the necessary permissions to put logs into CloudWatch Logs. You'd typically need permissions like logs:CreateLogGroup, logs:CreateLogStream, and logs:PutLogEvents.

AWS Backup should be configured to send logs to CloudWatch.

  • Navigate to the AWS Backup console.
  • In the navigation pane, choose Settings.
  • Under Backup audit logging, choose Edit.
  • For Enable backup audit logging, choose Enabled.
  • For Destination log group, choose an existing log group or create a new one.
  • Choose Save.
EXPERT
answered 6 months ago
