AWS Backup is a fully managed backup service that makes it easy to centralize and automate the backup of data across AWS services. Using backup service data is stored within or across the region, how ever when AWS account is handed over to customers their internal teams spin up new instances in production account and sometimes by third party vendor new servers are created.

AWS Backup service can detect only servers which are added with ‘Tag’, in case newly launched instances are with absence of tags the Backup Service will not be able to detect and perform backup for that service and it can lead to big data loss in case server gets crashed.

To avoid such incidents ACME has automated backup for newly launched instances using following services:

• AWS Lambda
• Amazon CloudWatch
• AWS Backup Service

How ACME performs automated backup?

All resources from different accounts are backed up in single centralized account and account access has been given to only responsible team members.

Fig. Centralized backup for multiple accounts

How ACME enables auto-backup for newly created Instances?

Below diagram illustrates the working of backup mechanism.

• ACME has created mechanism to auto detect the newly launched instance and based on its state lambda function is notified by CloudWatch events and thereafter lambda function creates new tags i.e. “BACKUP = YES “for newly created instance.
• AWS backup detects the Tag and takes snapshot of the instance based on the backup plan.
• Lambda assumes IAM role which has permission to create tags for EC2 instances.
• All logs are saved in CloudWatch logs.