Introduction
This document provides a step-by-step guide on how to set up notifications for AWS Backup jobs using Amazon SNS (Simple Notification Service) and Amazon SQS (Simple Queue Service). By following these instructions, you can receive alerts for failed backup jobs via email and SQS, ensuring that you stay informed about the status of your backup operations.
Create an SNS Topic in AWS
- Sign in to the AWS Management Console.
- Navigate to the Amazon SNS dashboard.
- Click on Topics in the navigation panel.
- Click on Create topic.
- Choose Standard as the topic type.
- Enter Events as the topic name.
- Optionally, enter Events Display as the display name.
- Click Create topic to create the topic.
- Select the topic you just created.
- Under Details, copy the value for ARN (Amazon Resource Name).
- Choose Edit, then expand Access policy.
- In the JSON editor, enter the following permissions into the policy:
{
"Sid": "My-statement-id",
"Effect": "Allow",
"Principal": {
"Service": "backup.amazonaws.com"
},
"Action": "SNS:Publish",
"Resource": "arn:aws:sns:eu-west-1:111111111111:exampletopic"
}
- Choose Save changes.
Note
After saving your changes, the updated Access Policy will resemble the following example:{
"Version": "2008-10-17",
"Id": "__default_policy_ID",
"Statement": [
{
"Sid": "__default_statement_ID",
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": [
"SNS:Publish",
"SNS:RemovePermission",
"SNS:SetTopicAttributes",
"SNS:DeleteTopic",
"SNS:ListSubscriptionsByTopic",
"SNS:GetTopicAttributes",
"SNS:Receive",
"SNS:AddPermission",
"SNS:Subscribe"
],
"Resource": "arn:aws:sns:eu-west-1:111111111111:exampletopic",
"Condition": {
"StringEquals": {
"AWS:SourceOwner": "111111111111"
}
}
},
{
"Sid": "My-statement-id",
"Effect": "Allow",
"Principal": {
"Service": "backup.amazonaws.com"
},
"Action": "SNS:Publish",
"Resource": "arn:aws:sns:eu-west-1:111111111111:exampletopic"
}
]
}
Create an Amazon SQS Standard Queue
- Open the Amazon SQS console at https://console.aws.amazon.com/sqs/.
- Choose Create queue.
- For Type, the Standard queue type is set by default.
- Enter a Name for your queue.
- Choose Encryption Enabled:
- Encryption key type: Amazon SQS key (SSE-SQS).
- Choose Access policy Basic:
- Define who can send messages to the queue: Only the queue owner.
- Define who can receive messages from the queue: Only the queue owner.
- Click Create queue.
Create an Amazon SNS Subscription
To receive notifications for failed backup jobs, follow these steps:
- In the left navigation pane, choose Subscriptions.
- On the Subscriptions page, choose Create subscription.
- For Topic ARN, select the SNS topic you created.
- For Protocol, choose Amazon SQS.
- For Endpoint, select the SQS Queue.
- Choose Create subscription.Amazon SNS will send you a subscription confirmation email.
- Confirm the subscription.
Test AWS Backup Job Notifications
To test notifications for failed AWS Backup jobs:
- Open the AWS Backup console at https://console.aws.amazon.com/backup.
- On the Dashboard, choose Create an on-demand backup or navigate to Protected Resources and select Create an on-demand backup.
- On the Create on-demand backup page, select the resource type you want to back up (for example, EC2 for instance backup).
- Choose the name or Instance ID of the resource you want to protect (for example, Test VM (Instance ID)).
- Ensure that Create Backup Now is selected to initiate a backup immediately.
- Choose an Expire value.
- Choose an existing Backup vault.
- Under the IAM role, choose Default.
- Optionally, assign tags to your on-demand backup by entering a Key and optional Value, then select Add tag.
- Click Create on-demand backup.This will take you to the Jobs page.
- From the list of jobs created, select a running job and stop it.
- You will receive notifications via email and the SQS queue regarding the stopped backup job.