Automate AWS Backups with AWS Service Catalog | Amazon VGT2 Las Vegas

For organizations managing multiple AWS accounts and diverse teams, establishing effective cloud governance can be a formidable challenge. The intricate balance between accelerating developer productivity and adhering to centralized governance standards can impede the very innovation you seek to promote. Thankfully, AWS Service Catalog, in conjunction with AWS Backup, provides a robust framework for self-service solutions that align with your enterprise’s requirements.

AWS Service Catalog enables organizations to develop and centrally oversee sanctioned catalogs of IT services to meet compliance standards. This tool empowers your development teams to deploy only the approved IT services they require. To enhance this structure, AWS Backup serves as a fully managed backup service that allows you to configure backup policies centrally and monitor backup activities across AWS resources.

In this article, we will illustrate how to automate backups for AWS Service Catalog products utilizing AWS Backup. This solution facilitates the standardization of resource provisioning through tags and ensures compliance with backup policies. It also enables the identification of specific resources for backup purposes. In this self-service model, as development teams provision resources, they proactively select resources that align with the appropriate backup policies.

Overview of AWS Service Catalog

AWS Service Catalog is designed around products—these are the AWS CloudFormation templates utilized to provision resources in your AWS account. Administrators group these products with configuration details and distribute them as portfolios. The service includes templates aligned with AWS best practices available in the Getting Started Library. These reference architectures can expedite your provisioning process through AWS Service Catalog.

A vital best practice for managing resources at scale involves employing case-sensitive resource tags that adhere to an enterprise tagging strategy. AWS Service Catalog supports this approach through its TagOptions library, ensuring that each provisioned product is consistently and appropriately tagged.

When setting up your tags for AWS Backup, you will need to create entries such as backup=daily, backup=weekly, and backup=monthly. These tags guarantee that provisioned products inherit the AWS Backup policies upon deployment.

Overview of AWS Backup

With AWS Backup, you can define a backup plan—a policy that specifies the frequency and retention of backups within a designated backup vault. This policy applies to protected resources, including DynamoDB tables and Amazon Elastic File System (Amazon EFS) file systems. The backups defined by this policy are securely stored in an encrypted backup vault for the duration of the retention period. Resource tags simplify the identification of protected resources. By configuring your backup plans just once, you can target specific tags for identifying the resources that need backing up. Any resources that match the tag selection criteria will automatically be incorporated into your backup plan.

Administrators within each AWS account can establish policies governing backups and retention.

We will create account-level policies that correspond with AWS Backup templates, leading to the development of backup plans for daily, weekly, and monthly backups. The resource assignments for these backup policies will be driven by the presence of tags: ‘backup=daily’, ‘backup=weekly’, and ‘backup=monthly’. These policies will be established later in this article using AWS CloudFormation.

Implementation of the Solution

To construct the components of this solution, you will engage with AWS Backup, AWS CloudFormation, and AWS Service Catalog. You will deploy the backup policies and provision a product with tags sourced from the TagOption library that aligns with your backup plan.

Step 1: Configuring AWS Backup

To begin, open AWS Backup. The following steps outline the manual procedure to create three backup plans and populate the backup tag in the AWS Service Catalog TagOption library. AWS Backup also supports AWS CloudFormation for automation.

  1. Log in to your AWS account.
  2. Navigate to AWS Backup in the AWS Management Console.
  3. Create a new backup plan and name it “BackupPlanWithDailyBackups”.

This template sets various options for the backup rules. Note that these templates will utilize a default backup vault and an AWS Key Management Service encryption key for that vault. Should you need different encryption keys or access policies for various backup groups, you can create multiple backup vaults. The next step involves assigning resources to implement tag-based backup.

This post discusses backup plans named: BackupPlanWithDailyBackups, BackupPlanWithWeeklyBackups, and BackupPlanWithMonthlyBackups linked with tags: backup=daily, backup=weekly, and backup=monthly. You should repeat these steps with appropriate configurations for the remaining two backup plans.

Now you have created backup policies that will be automatically applied when provisioning a resource tagged with backup=daily, backup=weekly, or backup=monthly. As your retention and vault access needs evolve, you could potentially add more backup policies for workloads such as backup=HIPAA.
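The three plans, their tag-based resource assignments, and the matching TagOptions can also be expressed as a single CloudFormation template. The generator below is an added example, not code from the original article; the schedules, retention periods, rule and selection names, the `Default` vault name, and the `AWSBackupDefaultServiceRole` role are assumptions.

```python
import json

# Assumed values (not from the article): schedules, retention periods, and the
# use of the default vault and the default AWS Backup service role.
CADENCES = {
    "Daily":   {"cron": "cron(0 5 ? * * *)",   "retain_days": 35},
    "Weekly":  {"cron": "cron(0 5 ? * SAT *)", "retain_days": 90},
    "Monthly": {"cron": "cron(0 5 1 * ? *)",   "retain_days": 365},
}
ROLE_ARN = {"Fn::Sub": "arn:${AWS::Partition}:iam::${AWS::AccountId}"
                       ":role/service-role/AWSBackupDefaultServiceRole"}

def build_template(tag_key="backup"):
    """Return a CloudFormation template (as a dict) holding, per cadence, a
    backup plan, a tag-based resource selection, and a matching TagOption."""
    resources = {}
    for name, cfg in CADENCES.items():
        tag_value = name.lower()  # tags are case-sensitive: daily, not Daily
        resources[f"{name}Plan"] = {
            "Type": "AWS::Backup::BackupPlan",
            "Properties": {"BackupPlan": {
                "BackupPlanName": f"BackupPlanWith{name}Backups",
                "BackupPlanRule": [{
                    "RuleName": f"{name}Backups",
                    "TargetBackupVault": "Default",
                    "ScheduleExpression": cfg["cron"],
                    "Lifecycle": {"DeleteAfterDays": cfg["retain_days"]},
                }],
            }},
        }
        resources[f"{name}Selection"] = {
            "Type": "AWS::Backup::BackupSelection",
            "Properties": {
                "BackupPlanId": {"Ref": f"{name}Plan"},
                "BackupSelection": {
                    "SelectionName": f"TaggedBackup{name}",
                    "IamRoleArn": ROLE_ARN,
                    "ListOfTags": [{"ConditionType": "STRINGEQUALS",
                                    "ConditionKey": tag_key,
                                    "ConditionValue": tag_value}],
                },
            },
        }
        resources[f"{name}TagOption"] = {
            "Type": "AWS::ServiceCatalog::TagOption",
            "Properties": {"Key": tag_key, "Value": tag_value, "Active": True},
        }
    return {"AWSTemplateFormatVersion": "2010-09-09", "Resources": resources}

if __name__ == "__main__":
    print(json.dumps(build_template(), indent=2))
```

Running the script prints a JSON template that can be reviewed and deployed as a stack; the service role and the default vault must already exist in the account.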

Step 2: Provisioning an AWS CloudFormation Stack for AWS Service Catalog

For this example, we will utilize a portfolio containing reference architecture products for Amazon Elastic Compute Cloud (Amazon EC2). These can be found in the Getting Started Library of the AWS Service Catalog console. While we are using an EC2 portfolio as our example, automatic backups can be enabled for various AWS services.

  1. Log in to your AWS account.
  2. Navigate to AWS CloudFormation in the AWS Management Console.
  3. Use the button below to launch the AWS CloudFormation stack that creates an AWS Service Catalog portfolio for this example.
  4. On the create stack page, select Next.
  5. Specify stack details and select Next (you may modify the stack name or linked roles if desired).
  6. On the configure stack options page, select Next.
  7. Review the Portfolio page.
  8. Check the box stating: I acknowledge that AWS CloudFormation might create IAM resources and click Create stack.
  9. Check the box acknowledging that AWS CloudFormation might require the following capability: CAPABILITY_AUTO_EXPAND.
  10. Select Create Stack.

Wait until the Stack status changes to CREATE_COMPLETE. You have now established a portfolio of products—Service Catalog EC2 reference architecture—in AWS Service Catalog.

Step 3: Configuring Service Catalog

To ensure each provisioned resource is accurately tagged for backups, we will create TagOptions within AWS Service Catalog. These will include specific tags for backups occurring daily, weekly, and monthly.

  1. Log in to your AWS account using your AWS Service Catalog administrator role.
  2. Navigate to AWS Service Catalog in the AWS Management Console.
  3. Under Administration, select Portfolios, and then choose your newly created portfolio.
  4. In the “Groups, roles and users” tab, confirm that your portfolio is shared with the desired end users for self-service provisioning.
  5. Go to the TagOptions tab.
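Because tag matching is case-sensitive, a resource tagged `Backup=Daily` is not selected by the `backup=daily` plan and silently receives no backups. The audit below is an added example, not part of the original article; it flags such resources, and the inventory (ARNs, account ID, tag values) is constructed sample data.

```python
# Tag key and values that the article's three backup plans select on.
PLAN_KEY = "backup"
PLAN_VALUES = {"daily", "weekly", "monthly"}

def classify(tags):
    """Return (status, detail) for one resource's tag dict.

    Matching is exact, mirroring the case-sensitive comparison that a
    tag-based backup selection performs.
    """
    if tags.get(PLAN_KEY) in PLAN_VALUES:
        return "covered", f"{PLAN_KEY}={tags[PLAN_KEY]}"
    for key, value in tags.items():
        if key.strip().lower() != PLAN_KEY:
            continue
        if value.strip().lower() in PLAN_VALUES:
            # Right words, wrong case or stray whitespace: no plan matches.
            return "near-miss", f"{key!r}={value!r} matches no plan"
        return "unknown-value", f"{key}={value}"
    return "untagged", "no backup tag present"

def unprotected(inventory):
    """Return {arn: (status, detail)} for every resource no plan will select."""
    findings = {}
    for arn, tags in inventory.items():
        status, detail = classify(tags)
        if status != "covered":
            findings[arn] = (status, detail)
    return findings

# Constructed sample inventory; in practice it could be built from the
# Resource Groups Tagging API. Account ID and resource IDs are placeholders.
SAMPLE = {
    "arn:aws:ec2:us-east-1:111122223333:instance/i-aaaa": {"backup": "daily"},
    "arn:aws:ec2:us-east-1:111122223333:instance/i-bbbb": {"Backup": "Daily"},
    "arn:aws:ec2:us-east-1:111122223333:instance/i-cccc": {"backup": "hourly"},
    "arn:aws:ec2:us-east-1:111122223333:instance/i-dddd": {"team": "payments"},
}

if __name__ == "__main__":
    for arn, (status, detail) in unprotected(SAMPLE).items():
        print(f"{status:14} {arn}  {detail}")
```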
