Daily AMI Export: Enhancing Backup and Recovery

Daily automation of Amazon Machine Image (AMI) export is vital for keeping IT systems strong and dependable. This process ensures that the latest version of your system's setup is always saved. If something goes wrong, like a system crash, having these up-to-date backups means you can quickly get things back up and running. Additionally, it makes it easier to grow or move your systems because you have readily available copies of machine images. By doing this every day, businesses can reduce the risk of losing data, work more efficiently, and keep everything running smoothly.

Automating daily exports of AMIs offers significant benefits for IT operations. First, it keeps backups up to date, which reduces downtime during system failures. Second, it simplifies infrastructure scaling and migration by providing easily accessible system configurations. It also helps ensure that you are following the rules about managing data properly and lets IT teams focus on important projects by handling routine tasks automatically. In addition, it helps save money by getting rid of unnecessary storage costs. Overall, daily AMI automation helps organizations make their IT systems more reliable, scalable, compliant, efficient, and cost-effective.

Implementation

Before proceeding with Step 1, ensure that the EC2 instance to be used for creating snapshots has its tags already configured.

Creating an EBS snapshot policy

Step 1: Go to Lifecycle Manager → Create new Lifecycle Policy → Choose EBS snapshot policy

Step 2: Specify Settings:
– Target resource types: INSTANCE
– Target resource tags:
  – key: your-key-id
  – value: your-value

Step 3: For the IAM role, choose the default policy. Click Next.

Step 4: Define a snapshot schedule for the policy. Follow the configuration below:

Cross-Region copy through Amazon DLM

Step 5: You can also automate the copying of a snapshot to another AWS Region after it has been created. Copies can be scheduled for up to three AWS Regions from a single policy, and retention periods are set for each AWS Region separately. Follow the configuration below:

Step 6: Select the Enable cross-account sharing for this schedule check box to share the snapshots created by this schedule with other AWS accounts.

Step 7: Review and Create Policy.

Configuration on the second account

Step 8: Go to the Backup Account and Create a Lifecycle Policy → Choose Cross-account copy event policy

Step 9: Enter a brief Description of the policy.

Step 10: Next to Copy snapshots shared by, enter the AWS account ID of the source account that you want to copy snapshots from.

Step 11: You must add a Snapshot description filter to copy snapshots. Use a regex that will only capture snapshots created by the existing DLM policy.

Step 12: For the IAM role, select the default role.

Step 13: Under the Copy action, you can select up to three Regions as the destinations for your snapshots.

Note: We will copy snapshots to the AWS Ohio (us-east-2) Region, where we will retain them for 1 day.

Step 14: Scroll to the bottom of the page and verify that the Policy status after creation is enabled (if you want the policy to be effective immediately). Then select Create Policy.

Create a scheduled Lambda function in the 2nd account that deletes EBS snapshots older than 30 days

Step 1: Go to Lambda Function

Step 2: Create Function.

Step 3: Copy the code below:

    import boto3
    from botocore.exceptions import ClientError
    from datetime import datetime, timedelta, timezone

    def lambda_handler(event, context):
        # Specify the AWS region where you want to delete snapshots
        region = 'us-east-2'
        # Calculate the date 30 days ago in UTC timezone
        thirty_days_ago = datetime.now(timezone.utc) - timedelta(days=30)
        ec2 = boto3.client('ec2', region_name=region)
        deleted_snapshots = []  # Initialize a list to store deleted snapshot IDs
        # Page through all EBS snapshots owned by this account in the region
        paginator = ec2.get_paginator('describe_snapshots')
        for page in paginator.paginate(OwnerIds=['self']):
            for snapshot in page['Snapshots']:
                snapshot_id = snapshot['SnapshotId']
                snapshot_start_time = snapshot['StartTime']
                # Check if the snapshot is older than 30 days
                if snapshot_start_time < thirty_days_ago:
                    try:
                        # Delete the snapshot
                        ec2.delete_snapshot(SnapshotId=snapshot_id)
                    except ClientError as err:
                        # A snapshot that cannot be deleted (for example, one
                        # still used by an AMI) is logged and skipped so the
                        # remaining snapshots are still processed
                        print(f"Could not delete {snapshot_id}: {err}")
                        continue
                    deleted_snapshots.append(snapshot_id)  # Add deleted snapshot ID to the list
        # Print or log the deleted snapshot IDs
        if deleted_snapshots:
            deleted_snapshots_str = ', '.join(deleted_snapshots)
            print(f"Deleted snapshots: {deleted_snapshots_str}")
        else:
            print("No snapshots were deleted.")

Step 4: Go to the Configurations tab → Permissions → Select the Role name.

Step 5: Create Inline Policy

Step 6: Add the policy below → Name the policy as ec2-DeleteSnapshot

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": "ec2:DeleteSnapshot",
                "Resource": "*"
            }
        ]
    }

Step 7: Attach Policy → AmazonEC2ReadOnlyAccess

Step 8: Go back to the Lambda Function's Configurations tab → Triggers → Add Trigger

Step 9: Add a trigger that will run the Lambda Function every month.

Conclusion

Automating the daily export of Amazon Machine Images (AMIs) is essential for a strong IT infrastructure. It keeps your backups up-to-date, making system recovery and scaling easier. This involves setting up policies for EBS snapshots, copying snapshots to different regions, and automatically deleting old ones. These steps ensure your backups are reliable, secure, and accessible.

Moreover, automation also helps meet data regulations and allows IT teams to focus on more important tasks while saving on storage costs. Overall, automating daily AMI exports improves disaster recovery, scalability, and IT efficiency.
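The cleanup function above deletes every snapshot the backup account owns in the Region once it is older than 30 days. The following is an added example (not part of the original tutorial) of a narrower selection step the handler could call before `delete_snapshot`; the marker tag, the function names and the sample snapshots are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

def select_expired(snapshots, ami_snapshot_ids, marker_tag, now, retention_days=30):
    """Return IDs of snapshots this job may delete, oldest first.

    snapshots: dicts shaped like items of describe_snapshots()["Snapshots"].
    ami_snapshot_ids: snapshot IDs referenced by registered AMIs.
    marker_tag: (key, value) pair that marks the copies this job owns.
    """
    cutoff = now - timedelta(days=retention_days)
    key, value = marker_tag
    # Scope: ignore anything without the marker tag (manual or other teams' snapshots).
    owned = [s for s in snapshots
             if any(t["Key"] == key and t["Value"] == value for t in s.get("Tags", []))]
    # Guard: if no owned copy is newer than the cutoff, the copy pipeline has
    # stalled; deleting now would leave no backups, so select nothing.
    if not any(s["StartTime"] >= cutoff for s in owned):
        return []
    expired = [s for s in owned
               if s["StartTime"] < cutoff
               and s.get("State") == "completed"             # skip pending/error copies
               and s["SnapshotId"] not in ami_snapshot_ids]  # AMI-backed: delete would fail
    return [s["SnapshotId"] for s in sorted(expired, key=lambda s: s["StartTime"])]

# Constructed sample data (not real snapshot IDs); the marker tag is hypothetical.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
MARKER = ("backup-job", "dlm-cross-account-copy")

def make_snapshot(snapshot_id, age_days, tagged=True, state="completed"):
    tags = [{"Key": MARKER[0], "Value": MARKER[1]}] if tagged else []
    return {"SnapshotId": snapshot_id, "State": state, "Tags": tags,
            "StartTime": NOW - timedelta(days=age_days)}

SAMPLE = [
    make_snapshot("snap-copy-45d", 45),
    make_snapshot("snap-copy-60d", 60),
    make_snapshot("snap-ami-root-90d", 90),              # still backs a registered AMI
    make_snapshot("snap-manual-120d", 120, tagged=False),
    make_snapshot("snap-copy-2d", 2),
    make_snapshot("snap-pending-40d", 40, state="pending"),
]
AMI_SNAPSHOT_IDS = {"snap-ami-root-90d"}

if __name__ == "__main__":
    print(select_expired(SAMPLE, AMI_SNAPSHOT_IDS, MARKER, NOW))
```

In the handler, `ami_snapshot_ids` can be built from the `BlockDeviceMappings` returned by `describe_images(Owners=['self'])`. The same marker tag can narrow the inline policy's `"Resource": "*"` with an `aws:ResourceTag` condition on `ec2:DeleteSnapshot`.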