如何使用 CloudFormation 模板管理我的 AWS Backup 设置?

2 分钟阅读
0

我想使用 AWS Backup 从其他 AWS 资源备份我的数据。我还想使用 AWS CloudFormation 模板来管理我的 AWS Backup 配置。

解决方法

创建 CloudFormation 模板,请使用受支持的 AWS Backup 资源类型。例如,您可以使用 CloudFormation 模板来创建备份计划并为该备份计划分配资源。您还可以使用模板来创建备份计划、创建备份库以及为备份计划分配资源。

**重要事项:**您的备份计划指定的必须是为备份计划分配资源的标签。请先确定标签,然后再设置备份计划。然后,验证标签是否已分配给相应资源,该标签在备份计划中是否拼写无误。

用于创建备份计划并为该备份计划分配资源的模板

以下 YAML 中的 CloudFormation 示例模板可以执行这些任务:

  • 创建一个名为 BackupPlanWithThinBackups 的备份计划。
  • 将备份设置为存储在名为 Default 的存储库中。
  • 创建名为 RuleForDailyBackups 且每天上午 11:25 定时运行备份的备份规则。
  • 开启 Windows VSS。
  • 将生命周期设置为在创建备份七天后删除该备份。
  • CopyAction 设置为将备份复制到 us-west-2 AWS 区域以进行灾难恢复。
  • 使用名为 AWSBackupDefaultServiceRole 的 AWS Identity and Access Management (AWS IAM) 角色来运行备份任务。
  • 将备份计划分配给标有 backupplan 键和 dsi-sandbox-daily 值的所有资源。
AWSTemplateFormatVersion: 2010-09-09
Description: >-
  Backup Plan template to back up all resources tagged with backupplan=dsi-sandbox-daily at 11:25am
  UTC.
Resources:
  BackupPlanWithThinBackups:
    Type: "AWS::Backup::BackupPlan"
    Properties:
      BackupPlan:
        BackupPlanName: "BackupPlanWithThinBackups"
        AdvancedBackupSettings:
          -
            ResourceType: EC2
            BackupOptions:
              WindowsVSS: enabled
        BackupPlanRule:
          -
            RuleName: "RuleForDailyBackups"
            TargetBackupVault: Default
            ScheduleExpression: "cron(25 11 ? * * *)"
            Lifecycle:
              DeleteAfterDays: 7
            CopyActions:
              -
                  DestinationBackupVaultArn: arn:aws:backup:us-west-2:111222333444:backup-vault:Default
                  Lifecycle:
                   DeleteAfterDays: 14
  TagBasedBackupSelection:
    Type: "AWS::Backup::BackupSelection"
    Properties:
      BackupSelection:
        SelectionName: "TagBasedBackupSelection"
        IamRoleArn: !Sub "arn:aws:iam::111222333444:role/service-role/AWSBackupDefaultServiceRole"
        ListOfTags:
         -
           ConditionType: "STRINGEQUALS"
           ConditionKey: "backupplan"
           ConditionValue: "dsi-sandbox-daily"
      BackupPlanId: !Ref BackupPlanWithThinBackups
    DependsOn: BackupPlanWithThinBackups

用于创建备份计划、创建备份库以及为备份计划分配资源的模板

以下 YAML 中的 CloudFormation 示例模板可以执行这些任务:

  • 创建名为 Default 的备份存储库。
  • 创建一个名为 BackupPlanWithThinBackups 的备份计划。
  • 将备份设置为存储在名为 BackupVaultWithThinBackups 的存储库中。
  • 创建名为 RuleForDailyBackups 且每天按计划运行备份的备份规则。这些备份将在创建 7 天后删除。
  • 开启 Windows VSS。
  • CopyAction 设置为将备份复制到 us-west-2 AWS 区域以进行灾难恢复。这些备份将在创建 14 天后删除。
  • 创建名为 RuleForWeeklyBackups 且每周一上午 11:00 定时运行备份的备份规则。这些备份将在创建 28 天后删除。
  • 创建名为 RuleForMonthlyBackups 且每月 1 日上午 11:00 定时运行备份的备份规则。这些备份将在创建 90 天后删除。
  • 使用名为 AWSBackupDefaultServiceRole 的 IAM 角色来运行备份任务。
  • 将备份计划分配给标有 backup 键和 thinbackup 值的所有资源。
AWSTemplateFormatVersion: "2010-09-09"
Description: "Backup Plan template for thin backups"
Resources:
  BackupVaultWithThinBackups:
    Type: "AWS::Backup::BackupVault"
    Properties:
      BackupVaultName: "BackupVaultWithThinBackups"

  BackupPlanWithThinBackups:
    Type: "AWS::Backup::BackupPlan"
    Properties:
      BackupPlan:
        BackupPlanName: "BackupPlanWithThinBackups"
        AdvancedBackupSettings:
          -
            ResourceType: EC2
            BackupOptions:
              WindowsVSS: enabled
        BackupPlanRule:
          -
            RuleName: "RuleForDailyBackups"
            TargetBackupVault: !Ref BackupVaultWithThinBackups
            ScheduleExpression: "cron(25 11 ? * * *)"
            Lifecycle:
              DeleteAfterDays: 7
            CopyActions:
              -
                  DestinationBackupVaultArn: arn:aws:backup:us-west-2:111222333444:backup-vault:Default
                  Lifecycle:
                   DeleteAfterDays: 14
          -
            RuleName: "RuleForWeeklyBackups"
            TargetBackupVault: !Ref BackupVaultWithThinBackups
            ScheduleExpression: "cron(0 11 ? * 2 *)"
            Lifecycle:
              DeleteAfterDays: 28
            CopyActions:
              -
                  DestinationBackupVaultArn: arn:aws:backup:us-west-2:111222333444:backup-vault:Default
                  Lifecycle:
                   DeleteAfterDays: 14
          -
            RuleName: "RuleForMonthlyBackups"
            TargetBackupVault: !Ref BackupVaultWithThinBackups
            ScheduleExpression: "cron(0 11 1 * ? *)"
            Lifecycle:
              DeleteAfterDays: 90
            CopyActions:
              -
                  DestinationBackupVaultArn: arn:aws:backup:us-west-2:111222333444:backup-vault:Default
                  Lifecycle:
                   DeleteAfterDays: 14
    DependsOn: BackupVaultWithThinBackups

  TagBasedBackupSelection:
    Type: "AWS::Backup::BackupSelection"
    Properties:
      BackupSelection:
        SelectionName: "TagBasedBackupSelection"
        IamRoleArn: !Sub "arn:aws:iam::${AWS::AccountId}:role/service-role/AWSBackupDefaultServiceRole"
        ListOfTags:
         -
           ConditionType: "STRINGEQUALS"
           ConditionKey: "backup"
           ConditionValue: "thinbackup"
      BackupPlanId: !Ref BackupPlanWithThinBackups
    DependsOn: BackupPlanWithThinBackups

相关信息

AWS Backup 故障排查

AWS 官方
AWS 官方已更新 7 个月前
没有评论