如何从备份中排除附加到 EC2 实例的某些 EBS 卷?
Posted
技术标签:
【中文标题】如何从备份中排除附加到 EC2 实例的某些 EBS 卷?【英文标题】:How do I exclude certain EBS volumes attached to an EC2 instance from being backed up? 【发布时间】:2022-01-12 19:47:57 【问题描述】:我正在开发一种系统范围的备份解决方案,以备份在使用 AWS Backup 的环境中运行的所有 EC2 实例。其中一些附加了似乎也与实例一起备份的 EBS 卷。下面是我的 terraform 代码,它允许每周拍摄快照:
resource "aws_backup_region_settings" "legacy"
resource_type_opt_in_preference =
"Aurora" = false
"DynamoDB" = false
"EFS" = false
"FSx" = false
"RDS" = false
"Storage Gateway" = false
"EBS" = true
"EC2" = true
"DocumentDB" = false
"Neptune" = false
"VirtualMachine" = false
resource "aws_backup_vault" "legacy"
name = "Legacy$var.environment_tag"
kms_key_arn = aws_kms_key.mgn.arn
tags = merge(
local.tags,
"Name" = "Legacy$var.environment_tag"
)
resource "aws_iam_role" "legacy_backup"
name = "AWSBackupService"
permissions_boundary = data.aws_iam_policy.role_permissions_boundary.arn
assume_role_policy = <<POLICY
"Version": "2012-10-17",
"Statement": [
"Action": ["sts:AssumeRole"],
"Effect": "allow",
"Principal":
"Service": ["backup.amazonaws.com"]
]
POLICY
resource "aws_iam_role_policy_attachment" "legacy_backup"
policy_arn = "arn:aws:iam::aws:policy/service-role/AWSBackupServiceRolePolicyForBackup"
role = aws_iam_role.legacy_backup.name
###############################################################################
##
## Weekly Backups
##
###############################################################################
resource "aws_backup_plan" "weekly"
name = "Legacy$var.environment_tagWeekly"
rule
enable_continuous_backup = false
rule_name = "Legacy$var.environment_tagWeekly"
target_vault_name = aws_backup_vault.legacy.name
schedule = var.backup_plan_weekly_schedule
start_window = 60 # minutes
completion_window = 180 # minutes
lifecycle
cold_storage_after = 30 # days
delete_after = 120 # days
copy_action
destination_vault_arn = aws_backup_vault.legacy.arn
lifecycle
cold_storage_after = 30 # days
delete_after = 120 # days
copy_action
destination_vault_arn = aws_backup_vault.secondary.arn
lifecycle
cold_storage_after = 30 # days
delete_after = 120 # days
advanced_backup_setting
backup_options =
WindowsVSS = "enabled"
resource_type = "EC2"
tags = merge(
local.tags,
"Name" = "Legacy$var.environment_tagWeekly"
)
resource "aws_backup_selection" "weekly"
iam_role_arn = aws_iam_role.legacy_backup.arn
name = "Legacy$var.environment_tagWeekly"
plan_id = aws_backup_plan.weekly.id
selection_tag
type = "STRINGEQUALS"
key = "AWSBackup"
value = "weekly"
在 EC2 代码中,我将用“AWSBackup”和“Weekly”标记实例,这似乎工作正常 - 对于所有实例 和 附加卷。如果我不想备份其中一个 EBS 卷 - 有没有办法将其排除在备份之外?
【问题讨论】:
【参考方案1】:It's possible 但尚未在 Terraform 中。 PR 已创建,因此不会花费太长时间。
PR 合并后,您应该能够创建一个aws_backup_selection 并使用“NotResources”来排除您的 EBS 卷。
您还可以标记所有需要备份的资源。然后,您可以创建不带排除项的备份计划。
【讨论】:
以上是关于如何从备份中排除附加到 EC2 实例的某些 EBS 卷?的主要内容,如果未能解决你的问题,请参考以下文章
AWS 自动将 EBS 卷附加到 Elastic Beanstalk 后面的 EC2 实例