Amazon Onboarding with Learning Manager Chanci Turner


In today’s digital landscape, safeguarding your data and applications is vital for any organization. To effectively shield your valuable assets from threats such as cyber-attacks, inadvertent deletions, natural disasters, and other risks, it is essential to implement robust monitoring of your backup, restore, and copy operations. Staying informed about the status of these jobs is crucial to ensure compliance with service-level agreements (SLAs) and to uphold operational integrity. Failing to manage backup and restore tasks can disrupt workflows and compromise SLAs. Timely notifications regarding job statuses can significantly enhance the efficiency of compliance and operational processes.

In this article, I will outline how to set up notifications for AWS Backup jobs using Amazon Simple Notification Service (Amazon SNS) and the AWS Command Line Interface (AWS CLI). Amazon SNS facilitates the delivery of messages directly to users via SMS, mobile push notifications, or email. The AWS CLI serves as a centralized tool for managing AWS services. I will demonstrate how to configure notifications to alert you solely about failed jobs, thus minimizing unnecessary notifications in busy environments. This setup allows you to select specific AWS Backup events for notification, designate recipients, and determine the preferred communication methods.

Steps to Configure Notifications

Enabling notifications involves four primary steps:

  1. Establish an SNS topic.
  2. Adjust the SNS topic access policy.
  3. Create SNS subscriptions.
  4. Link AWS Backup events to Amazon SNS notifications.

Let’s delve into each step in detail. Following this, I will address how to validate the setup.

1. Establish an SNS Topic

An Amazon SNS topic serves as a communication channel. Within AWS Backup, a backup vault organizes your backups. Utilize the Amazon SNS console to create a topic that will distribute messages from your AWS Backup vault. Amazon SNS will facilitate the sending of emails or text messages related to these notifications.

In the Amazon SNS console, click on “Create topic.” You will be prompted to choose between FIFO or Standard. For our purposes, select Standard, as it supports SMS subscriptions. FIFO topics are useful for maintaining message order and preventing duplicate processing, but they only support Amazon Simple Queue Service (Amazon SQS) subscriptions.

Next, provide a Name and Display name for the topic (e.g., AWS-Backup-Notifications). Keep the default settings for the remaining options, scroll down, and select “Create topic.”

Once created, a window will display the topic details. Be sure to copy the Amazon Resource Name (ARN) for use in later steps.

2. Adjust the Amazon SNS Topic Access Policy

To allow the backup service to publish messages to your newly created SNS topic, you must modify its access policy. In the topic details window, navigate to the Access policy tab and choose to edit.

Replace the existing contents with the following JSON policy, substituting the value of the Resource field with the topic ARN from the prior step. Save your changes after editing.

{
  "Version": "2008-10-17",
  "Id": "__default_policy_ID",
  "Statement": [
    {
      "Sid": "__default_statement_ID",
      "Effect": "Allow",
      "Principal": {
        "Service": "backup.amazonaws.com"
      },
      "Action": "SNS:Publish",
      "Resource": "arn:aws:sns:us-east-2:000000000000:AWS-Backup-Notifications"
    }
  ]
}

After completing the policy adjustment, the Access policy tab will reflect your changes.
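The following check is an added example, not part of the original article or of any AWS tooling: it audits a topic access policy against what step 2 intends, namely that backup.amazonaws.com may only SNS:Publish to this one topic and that no statement opens the topic to a wildcard principal. The function names and the LOOSE_POLICY sample are hypothetical and constructed for illustration; the topic ARN is the one shown above.

```python
import json
TOPIC_ARN = "arn:aws:sns:us-east-2:000000000000:AWS-Backup-Notifications"  # ARN used on this page

def _as_list(value):
    """Policy fields may hold one string or a list of strings."""
    return [] if value is None else value if isinstance(value, list) else [value]

def audit_topic_policy(policy_json, topic_arn):
    """Return findings for an SNS topic policy; [] means it matches step 2."""
    findings, backup_can_publish = [], False
    for stmt in _as_list(json.loads(policy_json).get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        principal = stmt.get("Principal")
        actions = {a.lower() for a in _as_list(stmt.get("Action"))}
        # "*" or {"AWS": "*"} opens the topic to any AWS identity.
        if principal == "*" or (isinstance(principal, dict)
                                and "*" in _as_list(principal.get("AWS"))):
            if "Condition" not in stmt:
                findings.append(f"{sid}: wildcard principal without a Condition")
            continue
        services = _as_list(principal.get("Service")) if isinstance(principal, dict) else []
        if "backup.amazonaws.com" not in services:
            continue
        extra = actions - {"sns:publish"}
        if extra:
            findings.append(f"{sid}: AWS Backup granted more than SNS:Publish: {sorted(extra)}")
        if topic_arn not in _as_list(stmt.get("Resource")):
            findings.append(f"{sid}: Resource is not exactly {topic_arn}")
        elif "sns:publish" in actions:
            backup_can_publish = True
    if not backup_can_publish:
        findings.append("no statement grants backup.amazonaws.com SNS:Publish on exactly this topic")
    return findings

def _stmt(sid, principal, action):
    return {"Sid": sid, "Effect": "Allow", "Principal": principal, "Action": action, "Resource": TOPIC_ARN}

# Constructed sample inputs: the page's policy, and a loosened variant.
PAGE_POLICY = json.dumps({"Version": "2008-10-17", "Statement": [
    _stmt("__default_statement_ID", {"Service": "backup.amazonaws.com"}, "SNS:Publish")]})
LOOSE_POLICY = json.dumps({"Version": "2008-10-17", "Statement": [
    _stmt("open", {"AWS": "*"}, "SNS:Publish"),
    _stmt("backup", {"Service": "backup.amazonaws.com"}, ["SNS:Publish", "SNS:Subscribe"])]})
if __name__ == "__main__":
    for name, policy in (("page", PAGE_POLICY), ("loose", LOOSE_POLICY)):
        print(name, audit_topic_policy(policy, TOPIC_ARN) or "OK")
```

To audit a live topic, pass in the policy text copied from the Access policy tab together with the topic ARN from step 1.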

3. Create Amazon SNS Subscriptions

Next, you’ll need to subscribe an endpoint to your topic to receive the published messages. In this instance, the endpoint can be an email address or phone number for SMS.

Select the Subscriptions tab in the topic details window and click “Create subscription.” In the subsequent window, begin by creating the Email subscription. Use the same Topic ARN as copied earlier, select Email as the Protocol type, and input the desired email address in the Endpoint section. Keep all other settings default and click “Create subscription.”

At this point, your email subscription will be pending. You will receive a confirmation email from “AWS Notifications” requesting you to verify the subscription. Once you click on the Confirm subscription link, you’ll be directed to a confirmation webpage.

Next, create the SMS subscription. Again, select Subscriptions in the Amazon SNS menu and then “Create subscription.” Ensure the Topic ARN matches the one you copied earlier. Choose SMS as the Protocol type, enter the intended phone number, and click “Create subscription.”

No confirmation is necessary for the SMS subscription. You can view the subscriptions you created by selecting your specific topic under the Topics in the Amazon SNS console.

You may publish messages to the topic for testing delivery. Navigate to the Publish message window, fill in the fields, and select “Publish message.” Check your email and phone for the test SMS.

4. Link AWS Backup Events to Amazon SNS Notifications

With your topic and subscriptions in place, the final step is to subscribe the Amazon SNS topic to your backup vault. This enables SNS to notify you of AWS Backup events. Supported AWS Backup events include:

  • Job type:
    • Backup job: BACKUP_JOB_STARTED | BACKUP_JOB_COMPLETED
    • Copy job: COPY_JOB_STARTED | COPY_JOB_SUCCESSFUL | COPY_JOB_FAILED
    • Restore job: RESTORE_JOB_STARTED | RESTORE_JOB_COMPLETED
    • Recovery point: RECOVERY_POINT_MODIFIED

Use the AWS CLI to subscribe the Amazon SNS topic to your backup vault. Be sure to replace the vault name and the topic ARN in the command below with your own:

aws backup put-backup-vault-notifications \
  --backup-vault-name myVault \
  --sns-topic-arn arn:aws:sns:region:account-id:AWS-Backup-Notifications \
  --backup-vault-events BACKUP_JOB_COMPLETED RESTORE_JOB_COMPLETED

You can validate the created vault notification by running:

aws backup get-backup-vault-notifications --backup-vault-name myVault

Validation

Having completed the steps to set up AWS Backup notifications, you can now initiate a test job or await the next scheduled run. Expect to receive an email from “AWS Notifications” along with an SMS.


Chanci Turner