This tool is best used in conjunction with terraform-module-ebs-backup. However, it is not necessary to use this Terraform module at all. Your AWS snapshots only need two tags: one for the name and one for the date the snapshot was taken.
make && make dev
usage: aws-snapshot-recovery [-h] [-d DATE] [-n NAME] [-r] [--dry-run] [-v]
[--debug] [--filter-name-tagkey TAGNAME]
[--filter-date-tagkey TAGNAME]
[--ec2-security-group-id ID] [--ec2-subnet-id ID]
[--ec2-instance-type TYPE]
[--ssh-public-key PUBLIC_KEY]
[--ssh-private-key PRIVATE_KEY]
[--ssh-command COMMAND] [--aws-profile PROFILE]
Amazon Snapshot Recovery Tool
optional arguments:
-h, --help show this help message and exit
-d DATE, --date DATE date of the snapshot you are searching for
-n NAME, --name NAME name of the snapshot you are searching for
-r, --recover recover the given snapshot
--dry-run do not create any aws resource however, aws query are
still executed
-v, --verbose increase output verbosity
--debug greatly increase output verbosity
--filter-name-tagkey TAGNAME
set the tag key to use when filtering with --name
--filter-date-tagkey TAGNAME
set the tag key to use when filtering with --date
--ec2-security-group-id ID [ID ...]
set the ec2 security group id
--ec2-subnet-id ID set the ec2 subnet id
--ec2-instance-type TYPE
set the ec2 instance type
--ssh-public-key PUBLIC_KEY
specify the ssh public key to use for login
--ssh-private-key PRIVATE_KEY
specify the ssh private key to use for login
--ssh-command COMMAND
execute a command on the ec2 then shut down. Only use
this if you want to automation. You will also need to
specify the private key
--aws-profile PROFILE
specify the aws profile to use
Configuration is set either via environment variables or a YAML file.
Each environment variable maps directly to its YAML configuration file counterpart and takes precedence over it.
Define the tag key used to filter on snapshot date. Default is "EbsBackup_DatetimeUTC"
Define the tag key used to filter on the snapshot name. Default is "Name".
Define the ssh public key to use when creating the ec2 instance. Default is /home/${USER}/.ssh/${USER}.pem.pub.
Define the ssh private key to use when connecting to execute remote ssh command. Default is /home/${USER}/.ssh/${USER}.pem.
Define the ssh command to execute as soon as the ec2 is ready. When the command is finished, terminate the instance.
Define the security group id. Default is the "default" security group.
Define the ec2 subnet id. Can specify multiple values, e.g. sg-4391,sg-2184. Default will use the default subnet of the default vpc.
Define the ec2 instance type. Default is "t2.micro".
The YAML configuration file will be read from ~/.config/aws-snapshot-recovery.yaml.
Example YAML file:
filter_date_tagkey: EbsBackup_DatetimeUTC
filter_name_tagkey: Name
ssh_public_key: /home/user/.ssh/key.pub
ec2_security_group_id: 'sg-2afa5263'
ec2_subnet_id: 'subnet-39175'
ec2_instance_type: 't2.micro'
Below is an example policy that restricts the script's permissions fairly tightly.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AwsSnapshotRecovery0",
      "Effect": "Allow",
      "Action": "ec2:TerminateInstances",
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "ec2:ResourceTag/AwsSnapshotRecovery": "true"
        }
      }
    },
    {
      "Sid": "AwsSnapshotRecovery1",
      "Effect": "Allow",
      "Action": "ec2:RunInstances",
      "Resource": "arn:aws:ec2:*::image/*",
      "Condition": {
        "StringEquals": {
          "ec2:Owner": "379101102735"
        }
      }
    },
    {
      "Sid": "AwsSnapshotRecovery2",
      "Effect": "Allow",
      "Action": "ec2:CreateTags",
      "Resource": "arn:aws:ec2:*:*:instance/*",
      "Condition": {
        "ForAllValues:StringEquals": {
          "aws:TagKeys": [
            "AwsSnapshotRecovery",
            "AwsSnapshotRecovery_SnapshotId",
            "Name"
          ]
        }
      }
    },
    {
      "Sid": "AwsSnapshotRecovery3",
      "Effect": "Allow",
      "Action": [
        "ec2:DescribeImages",
        "ec2:DescribeInstances",
        "ec2:DescribeImageAttribute",
        "ec2:DescribeKeyPairs"
      ],
      "Resource": "*"
    },
    {
      "Sid": "AwsSnapshotRecovery4",
      "Effect": "Allow",
      "Action": "ec2:RunInstances",
      "Resource": [
        "arn:aws:ec2:*:*:subnet/*",
        "arn:aws:ec2:*:*:instance/*",
        "arn:aws:ec2:*::snapshot/*",
        "arn:aws:ec2:*:*:volume/*",
        "arn:aws:ec2:*:*:security-group/*",
        "arn:aws:ec2:*:*:placement-group/*",
        "arn:aws:ec2:*:*:network-interface/*"
      ]
    },
    {
      "Sid": "AwsSnapshotRecovery5",
      "Effect": "Allow",
      "Action": "ec2:DescribeSnapshots",
      "Resource": "*",
      "Condition": {
        "ForAllValues:StringEquals": {
          "aws:TagKeys": [
            "EbsBackup_DatetimeUTC",
            "Name"
          ]
        }
      }
    }
  ]
}
If you change the filter tag key configuration, you need to change the policy accordingly.
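A drift check for the requirement above, written as an added example (it is not part of aws-snapshot-recovery): it compares the filter tag keys in a configuration file against the `aws:TagKeys` list of the `ec2:DescribeSnapshots` statement and reports any key the policy does not list. The function names and the flat `key: value` parser are assumptions made for this sketch; the policy excerpt and defaults are copied from this page.

```python
import json

# Constructed excerpt: the DescribeSnapshots statement of the example policy.
POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "AwsSnapshotRecovery5",
    "Effect": "Allow",
    "Action": "ec2:DescribeSnapshots",
    "Resource": "*",
    "Condition": {"ForAllValues:StringEquals": {
      "aws:TagKeys": ["EbsBackup_DatetimeUTC", "Name"]}}
  }]
}""")

# Defaults stated in this README for the two filter tag keys.
DEFAULTS = {"filter_date_tagkey": "EbsBackup_DatetimeUTC",
            "filter_name_tagkey": "Name"}


def parse_flat_config(text):
    """Read flat 'key: value' lines as in the example file (not a full YAML parser)."""
    config = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" in line:
            key, value = line.split(":", 1)
            config[key.strip()] = value.strip().strip("'\"")
    return config


def policy_tag_keys(policy, action):
    """Collect every aws:TagKeys value on Allow statements that cover `action`."""
    keys = set()
    for stmt in policy["Statement"]:
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if stmt.get("Effect") != "Allow" or action not in actions:
            continue
        for operands in stmt.get("Condition", {}).values():
            value = operands.get("aws:TagKeys", [])
            keys.update([value] if isinstance(value, str) else value)
    return keys


def missing_tag_keys(config_text, policy=POLICY):
    """Return configured filter tag keys that the policy does not list."""
    config = {**DEFAULTS, **parse_flat_config(config_text)}
    wanted = {config["filter_date_tagkey"], config["filter_name_tagkey"]}
    return sorted(wanted - policy_tag_keys(policy, "ec2:DescribeSnapshots"))
```

An empty result means the configured keys and the policy agree; any key returned has to be added to the policy before the tool is run with that configuration.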
Assuming we are at version 1.0.0 and we want to release version 1.0.1.
git checkout 1.0.0
git checkout -b 1.0.1
sed -i "s/:1.0.0/:1.0.1/g" Makefile
sed -i "s/VERSION='1.0.0'/VERSION='1.0.1'/g" bin/docker-aws-snapshot-recovery
git add .
git commit -m "1.0.1"
# Merge or cherry-pick whatever you need in this new version
git merge master
git tag -a 1.0.1 -m "1.0.1"
git push --tags
git checkout master && git branch -D 1.0.1 && git checkout 1.0.1
Once the tag is pushed, go to the release page on GitHub and click "draft a new release".
- Use the newly created tag (1.0.1 in this example) as the new version.
- The release title should be related to electronic parts or physics in general. Major versions (2.0.0, 3.0.0, etc.) must have a one-word title, e.g. "Diodes". Minor and patch versions must have a two-word title whose first word is the major release title, e.g. "Diodes Gunn". The second word must be related to the electronic part named by the first word.
- Describe what is in the new release
- Add two binaries: bin/aws-snapshot-recovery and bin/docker-aws-snapshot-recovery. Make sure you are using the binaries of the new version by checking out the newly created tag (git checkout 1.0.1).