Automating EC2 Backups with Lambda

As I continue expanding my AWS skills, I find hands-on practice essential for keeping my automation knowledge sharp. In this walkthrough, I’ll show how I automated EC2 snapshot backups using AWS Lambda, EventBridge, and the AWS Toolkit in VSCode. Follow along to implement this yourself!

Prerequisites:

1. Create a Lambda function. You can name it whatever you want; I named mine “LambdaEC2DailySnapshot”. No configuration is needed, so you can create the function with a new execution role.

2. Create an EC2 instance without a key pair. This is just for practice, so there is no need to optimize the instance.

3. Install the AWS Toolkit extension in VSCode and sign in to your AWS account. Once you are signed in, find your newly created Lambda function in the explorer dropdown menu and right-click it to download the Lambda. It should contain the default “Hello from Lambda!” function code.

[Figure: AWS Toolkit Lambda functions]

Now that you have all your resources set up and your Lambda function code downloaded to VSCode, we can edit the function to automate EC2 backups.

Step 1: Modify the Lambda Code

First we need to add our import statements:

import json
import boto3
import logging
from datetime import datetime

Then create the logger:

logger = logging.getLogger()

and set its logging level:

logger.setLevel(logging.INFO)


Now we can start working on the code within the lambda function.

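Create the boto3 client that connects to EC2, and build a date string to differentiate the backups.

def lambda_handler(event, context):
    # EC2 API client; it uses the Lambda execution role's credentials
    ec2 = boto3.client('ec2')
    # Date string used to tell the daily snapshots apart
    current_date = datetime.now().strftime("%Y-%m-%d")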

Next, wrap the snapshot call in a try/except block so that errors are handled when attempting to create the snapshot. Notice how “current_date” is used to differentiate the snapshots created.

    try:
        response = ec2.create_snapshot(
            # Replace with the Volume ID of your own instance
            VolumeId='vol-019d621faf9fe1f41',
            Description='My EC2 Snapshot',
            TagSpecifications=[
                {
                    'ResourceType': 'snapshot',
                    'Tags': [
                        {
                            'Key': 'Name',
                            'Value': f"My EC2 snapshot {current_date}"
                        }
                    ]
                }
            ]
        )
        logger.info(f"Successfully created snapshot: {json.dumps(response, default=str)}")

    except Exception as e:
        # The error is only logged here; check CloudWatch Logs for failures
        logger.error(f"Error creating snapshot: {str(e)}")

                 

You will need to look up the VolumeId from your newly created EC2 and input it. You can easily do this by going into the EC2 instances section on your console and clicking on the storage tab for your selected EC2. The Volume ID value will be different for everyone.

Delete the return statement from the downloaded code.

[Figure: Volume ID in Storage Tab]

Step 2: Local Testing

Create a template.yaml file and an event.json file. Make sure you have aws-sam-cli and Docker installed, and that Docker is started and enabled!

In the template.yaml file you will need to input the SAM (Serverless Application Model) configuration like so:

# Transform marks this as a SAM template so AWS::Serverless::Function is recognized
Transform: AWS::Serverless-2016-10-31

Resources:
  LambdaEC2DailySnapshot:
    Type: AWS::Serverless::Function
    Properties:
      Handler: lambda_function.lambda_handler
      Runtime: python3.12
      CodeUri: .

Keep in mind that you may need to adjust the parameters depending on the name and Runtime you used for your Lambda function.

In the event.json file we just need an empty pair of curly braces, since we are not passing anything and only need the file to initiate our call.

{}

Once you have your files set up, we can locally run the function to test if it works without error. You can do this by running in your terminal:

sam local invoke -e event.json        


If you get a successful response, then check your snapshots in the console under the Elastic Block Store dropdown menu and you should see your newly created snapshot.

 

[Figure: Snapshots in EBS Section]

 

Step 3: Deploy and Permissions

Now that we know the Lambda function works locally, we need to upload the code back into the Lambda console. You can do this by right-clicking your Lambda function in the AWS Toolkit and clicking “Upload Lambda”. This will prompt a warning asking whether you would like to publish the code to the $LATEST version of the Lambda; click yes, and the code should be populated on the Lambda function console page.

Since we created this Lambda with the default execution role, we now need to update the execution role to give it EC2 permissions. If you go to the configuration section and then the permissions tab, you will see the execution role listed in blue font. Click on it to open the IAM permission page for the role. Now choose to add a permission, search for EC2, and check “AmazonEC2FullAccess” for full permissions to EC2.

 

[Figure: Execution role in Lambda Console]
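
AmazonEC2FullAccess allows every EC2 action on every resource, while the function in Step 1 only calls create_snapshot with tags on one volume. The following is an added example, not part of the original article: it builds an inline policy scoped to that single call and flags wildcard grants in a policy document. The function names, region, account id and volume id are assumptions chosen for illustration.

```python
import json

def snapshot_policy(region, account_id, volume_id):
    """Inline policy: snapshot one volume and tag the snapshot at creation."""
    volume_arn = f"arn:aws:ec2:{region}:{account_id}:volume/{volume_id}"
    snapshot_arn = f"arn:aws:ec2:{region}::snapshot/*"  # snapshot ARNs have no account field
    return {
        "Version": "2012-10-17",
        "Statement": [
            {   # create_snapshot is authorized on the source volume and the new snapshot
                "Sid": "SnapshotOneVolume",
                "Effect": "Allow",
                "Action": "ec2:CreateSnapshot",
                "Resource": [volume_arn, snapshot_arn],
            },
            {   # TagSpecifications needs CreateTags; the condition limits it to tag-on-create
                "Sid": "TagOnCreateOnly",
                "Effect": "Allow",
                "Action": "ec2:CreateTags",
                "Resource": snapshot_arn,
                "Condition": {"StringEquals": {"ec2:CreateAction": "CreateSnapshot"}},
            },
        ],
    }

def overbroad_statements(policy):
    """Return the Sid (or index) of each Allow statement that uses a wildcard."""
    flagged = []
    for i, stmt in enumerate(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        actions, resources = stmt.get("Action", []), stmt.get("Resource", [])
        actions = [actions] if isinstance(actions, str) else actions
        resources = [resources] if isinstance(resources, str) else resources
        if any(a.endswith("*") for a in actions) or "*" in resources:
            flagged.append(stmt.get("Sid", i))
    return flagged

# Constructed sample with the wildcard shape a full-access grant has.
BROAD_SAMPLE = {"Version": "2012-10-17", "Statement": [
    {"Sid": "AllEc2", "Effect": "Allow", "Action": "ec2:*", "Resource": "*"}]}

if __name__ == "__main__":
    # Placeholder region, account id and volume id (assumptions); use your own.
    policy = snapshot_policy("us-east-1", "111122223333", "vol-0123456789abcdef0")
    print(json.dumps(policy, indent=2))
    print("wildcards in scoped policy:", overbroad_statements(policy))
    print("wildcards in broad sample:", overbroad_statements(BROAD_SAMPLE))
```

The printed JSON can be attached to the execution role as an inline policy in place of the managed policy.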

 

Step 4: Schedule with EventBridge

Let’s automate this task with EventBridge scheduler!

Head over to EventBridge in the console, choose EventBridge schedule from the "Get started" menu, and click create rule. Give your schedule a name and make it a recurring, rate-based schedule for simplicity. Set the rate to 24 hours so it creates a snapshot once per day. Turn off Flexible Time Window and set the date and time you want the schedule to run, preferably a few minutes after you complete the setup so you can see if it works as intended. Hit Next.

 

[Figure: EventBridge Schedule parameters]

 

Our target is our lambda function so click on AWS Lambda and find the function you want to invoke, then click next.

[Figure: EventBridge Target]

 

On the next page click on skip to submit and then submit the schedule.

Once the current time is past the EventBridge schedule time, you can check whether the snapshot was created on the snapshots page we visited earlier. If the snapshot was successful, you should see a new snapshot created at the designated time.

 

[Figure: EventBridge Snapshot Creation!]

 

You can check the CloudWatch logs from your Lambda function's console page to get more precise information, see the exact process, or help resolve any errors. For example, I forgot to update my VolumeID before uploading my lambda from AWS Toolkit, which caused the lambda function to fail. Oops! Without the logs I would have spent some time scratching my head on why it was failing.

[Figure: CloudWatch Logs Error]
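
The handler in Step 1 logs the exception and returns normally, so Lambda records the invocation as successful even when no snapshot was created. The following is an added example, not the article's code: it reads the volume id from an environment variable, validates its format, and lets errors propagate. VOLUME_ID, take_snapshot and FakeEC2 are names assumed for this example.

```python
import os
import re
from datetime import datetime, timezone

# EBS volume ids are "vol-" plus 8 (older) or 17 hex digits
VOLUME_ID_RE = re.compile(r"^vol-[0-9a-f]{8}([0-9a-f]{9})?$")

def take_snapshot(ec2, volume_id, today):
    """Create one tagged snapshot; raise instead of swallowing failures."""
    if not VOLUME_ID_RE.match(volume_id or ""):
        raise ValueError(f"VOLUME_ID is missing or malformed: {volume_id!r}")
    response = ec2.create_snapshot(
        VolumeId=volume_id,
        Description="My EC2 Snapshot",
        TagSpecifications=[{
            "ResourceType": "snapshot",
            "Tags": [{"Key": "Name", "Value": f"My EC2 snapshot {today}"}],
        }],
    )
    return response["SnapshotId"]

def lambda_handler(event, context):
    import boto3  # imported here so take_snapshot can be exercised without AWS access
    today = datetime.now(timezone.utc).strftime("%Y-%m-%d")
    # Any exception propagates, so the invocation is recorded as an error.
    snapshot_id = take_snapshot(boto3.client("ec2"), os.environ.get("VOLUME_ID"), today)
    return {"SnapshotId": snapshot_id}

class FakeEC2:
    """Constructed stand-in for the boto3 client, used only to run the code offline."""
    def __init__(self, fail=False):
        self.fail = fail

    def create_snapshot(self, **kwargs):
        if self.fail:
            raise RuntimeError("constructed API error")
        return {"SnapshotId": "snap-0123456789abcdef0", "VolumeId": kwargs["VolumeId"]}
```

Set VOLUME_ID in the function's environment variables, so changing the volume no longer means editing and re-uploading the code.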

Cleanup

And that is it! We have successfully automated a daily EC2 snapshot. Make sure to clean up the environment so we do not have any recurring billing issues after completing this exercise. Delete your EventBridge Schedule, Snapshots and EC2 instance. Deleting the Lambda Function is optional as it will not incur a cost unless it is being invoked.

Why This Matters

Automating backups is a small but powerful way to reduce operational overhead. This project helped me:

  • Solidify my understanding of Lambda-EC2 integration.
  • Learn to troubleshoot via CloudWatch Logs.

Next Steps:

  • Add snapshot retention policies.
  • Extend to multi-region backups.
