Backup-Selection does not exclude volumes from ec2 Instances

Question

I want to backup all my EC2-Instances with a Backup-Plan expect one large Volume used for often-changed temporary data. Because of that I want to exclude this disks from snapshots being made from my EC2-Instances. I have added a backup-selection like this:

```
{
  "BackupPlanId":"5678",
  "BackupSelection":{
    "SelectionName":"resources-list-selection", 
    "IamRoleArn":"arn:aws:iam::1234:role/service-role/AWSBackupDefaultServiceRole",
    "Resources":[
      "arn:aws:ec2:*:*:instance/*"
    ],
    "NotResources":[
        "arn:aws:ec2:eu-central-1:1234:volume/vol-343092438cskajb"
    ]
  }
}
```

Answer

NotResouce statement for EBS volume doesn't do anything as your plan includes only EC2 instances (but no EBS volumes). It would feel logical that volumes from instances would be inherited to the plan but that is not how this works. If you would change Resources to be all EBS volumes then you would get snapshot all but that single volume. But then you would loose the information what volumes are attached to what instance :-(

If you would think how excluding volumes from instances would work, it isn't without problems. If you don't include some volumes, would instance be able to start when volume is missing but still present in OS configuration?

Not sure how large your temp volume is, but sometimes it could be just easier to accept extra backup. Other option would be using instance type with instance store volume(s). Instance store is not included in backup.

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-store-volumes.html

Backup-Selection does not exclude volumes from ec2 Instances

相关内容