amazon-web-servicesamazon-efsaws-backup
AWS Backup jobs for EFS file systems are empty
I have a backup plan:
{
"BackupPlan": {
"BackupPlanName": "prometheus_dev",
"Rules": [
{
"RuleName": "prometheus_dev",
"TargetBackupVaultName": "prometheus_eu_central_1_dev",
"ScheduleExpression": "cron(15 * ? * * *)",
"StartWindowMinutes": 60,
"CompletionWindowMinutes": 180,
"Lifecycle": {
"DeleteAfterDays": 7
},
"RuleId": "ffcd7e8c-9b14-4e2b-89f0-d8cbe5b5ae25",
"CopyActions": [
{
"Lifecycle": {
"DeleteAfterDays": 7
},
"DestinationBackupVaultArn": "arn:aws:backup:eu-west-1:614797193252:backup-vault:prometheus_backup_eu_west_1_dev"
}
],
"EnableContinuousBackup": false
}
]
},
"BackupPlanId": "830e8bb0-e3c6-4a96-8fe9-45a3ab97de40",
"BackupPlanArn": "arn:aws:backup:eu-central-1:614797193252:backup-plan:830e8bb0-e3c6-4a96-8fe9-45a3ab97de40",
"VersionId": "YzUxMjhkODgtZTc0MC00NDA1LWEwYzktNmE4NDFhMDE5MTA4",
"CreationDate": "2023-10-13T13:42:22.048000+02:00",
"LastExecutionDate": "2023-10-20T11:16:48.451000+02:00"
}
The file system is protected:
{
"ResourceArn": "arn:aws:elasticfilesystem:eu-central-1:614797193252:file-system/fs-0318e5506f10caf1e",
"ResourceType": "EFS",
"LastBackupTime": "2023-10-20T11:22:48.159000+02:00",
"ResourceName": "prometheus_dev"
}
And backups are taken hourly:
// ...
{
"AccountId": "614797193252",
"BackupJobId": "06178992-5DF7-17BA-1E38-C969357B644A",
"BackupVaultName": "prometheus_eu_central_1_dev",
"BackupVaultArn": "arn:aws:backup:eu-central-1:614797193252:backup-vault:prometheus_eu_central_1_dev",
"RecoveryPointArn": "arn:aws:backup:eu-central-1:614797193252:recovery-point:58cb7957-5b0c-4038-a579-af78aadbc506",
"ResourceArn": "arn:aws:elasticfilesystem:eu-central-1:614797193252:file-system/fs-0318e5506f10caf1e",
"CreationDate": "2023-10-20T08:15:00+02:00",
"CompletionDate": "2023-10-20T08:25:07.003000+02:00",
"State": "COMPLETED",
"PercentDone": "100.0",
"BackupSizeInBytes": 0,
"IamRoleArn": "arn:aws:iam::614797193252:role/prometheus_backup_dev",
"CreatedBy": {
"BackupPlanId": "830e8bb0-e3c6-4a96-8fe9-45a3ab97de40",
"BackupPlanArn": "arn:aws:backup:eu-central-1:614797193252:backup-plan:830e8bb0-e3c6-4a96-8fe9-45a3ab97de40",
"BackupPlanVersion": "YzUxMjhkODgtZTc0MC00NDA1LWEwYzktNmE4NDFhMDE5MTA4",
"BackupRuleId": "ffcd7e8c-9b14-4e2b-89f0-d8cbe5b5ae25"
},
"StartBy": "2023-10-20T09:15:00+02:00",
"ResourceType": "EFS",
"IsParent": false,
"ResourceName": "prometheus_dev"
},
{
"AccountId": "614797193252",
"BackupJobId": "DE456E1F-1A49-4A36-507A-32646DD0AE85",
"BackupVaultName": "prometheus_eu_central_1_dev",
"BackupVaultArn": "arn:aws:backup:eu-central-1:614797193252:backup-vault:prometheus_eu_central_1_dev",
"RecoveryPointArn": "arn:aws:backup:eu-central-1:614797193252:recovery-point:998837d7-e0c8-4505-9d4f-ff19ca1f69c7",
"ResourceArn": "arn:aws:elasticfilesystem:eu-central-1:614797193252:file-system/fs-0318e5506f10caf1e",
"CreationDate": "2023-10-20T07:15:00+02:00",
"CompletionDate": "2023-10-20T07:25:52.381000+02:00",
"State": "COMPLETED",
"PercentDone": "100.0",
"BackupSizeInBytes": 0,
"IamRoleArn": "arn:aws:iam::614797193252:role/prometheus_backup_dev",
"CreatedBy": {
"BackupPlanId": "830e8bb0-e3c6-4a96-8fe9-45a3ab97de40",
"BackupPlanArn": "arn:aws:backup:eu-central-1:614797193252:backup-plan:830e8bb0-e3c6-4a96-8fe9-45a3ab97de40",
"BackupPlanVersion": "YzUxMjhkODgtZTc0MC00NDA1LWEwYzktNmE4NDFhMDE5MTA4",
"BackupRuleId": "ffcd7e8c-9b14-4e2b-89f0-d8cbe5b5ae25"
},
"StartBy": "2023-10-20T08:15:00+02:00",
"ResourceType": "EFS",
"IsParent": false,
"ResourceName": "prometheus_dev"
},
// ...
The problem is that ALL recovery points are empty, even if the file system is not:
{
// ...
"SizeInBytes": {
"Value": 67465216,
"Timestamp": "2023-10-20T10:41:44+02:00",
"ValueInIA": 0,
"ValueInStandard": 67465216
}
// ...
}
I've also tried to start a backup job:
aws backup start-backup-job \
--backup-vault-name prometheus_eu_central_1_dev \
--resource-arn arn:aws:elasticfilesystem:eu-central-1:614797193252:file-system/fs-0318e5506f10caf1e \
--iam-role-arn arn:aws:iam::614797193252:role/prometheus_backup_dev
Which produced the following response:
{
"BackupJobId": "7a010939-11cd-4d6f-bf2e-bbec0fc50452",
"RecoveryPointArn": "arn:aws:backup:eu-central-1:614797193252:recovery-point:ac338f60-9a4e-4c24-817e-2e0e15a72d03",
"CreationDate": "2023-10-20T11:22:48.159000+02:00",
"IsParent": false
}
But again the backup is empty:
{
"AccountId": "614797193252",
"BackupJobId": "7a010939-11cd-4d6f-bf2e-bbec0fc50452",
"BackupVaultName": "prometheus_eu_central_1_dev",
"BackupVaultArn": "arn:aws:backup:eu-central-1:614797193252:backup-vault:prometheus_eu_central_1_dev",
"RecoveryPointArn": "arn:aws:backup:eu-central-1:614797193252:recovery-point:ac338f60-9a4e-4c24-817e-2e0e15a72d03",
"ResourceArn": "arn:aws:elasticfilesystem:eu-central-1:614797193252:file-system/fs-0318e5506f10caf1e",
"CreationDate": "2023-10-20T11:22:48.159000+02:00",
"CompletionDate": "2023-10-20T11:22:55.105000+02:00",
"State": "COMPLETED",
"PercentDone": "100.0",
"BackupSizeInBytes": 0,
"IamRoleArn": "arn:aws:iam::614797193252:role/prometheus_backup_dev",
"ResourceType": "EFS",
"BytesTransferred": 0,
"StartBy": "2023-10-20T19:22:48.159000+02:00",
"IsParent": false,
"ResourceName": "prometheus_dev"
}
Why are these backups empty? How can i further debug this?
I see no errors anywhere, and the role used has the necessary permissions, since it's using AWS managed policy.
EDIT:
- After @Tsal Troser, I noticed I forgot to mention that the reason I discovered that EFS backups, for some reason, are not working, is exactly because I tried to use a recovery point to create a new EFS. The EFS is created, but it is empty.
- The same can't be said for RDS recovery points. Although describing a backup also shows a
BackupSizeInBytesas0, creating an instance from the recovery point provisions an instance with data as expected.
EDIT 2:
- Data is restored but to a backup folder, not to the original location. See answer below or https://docs.aws.amazon.com/aws-backup/latest/devguide/restoring-efs.html
Solution
Because AWS Backup perform incremental backups. The initial backup will be a full backup then the following, even the on-demand backup, will be an incremental backup.
AWS Backup performs incremental backups of EFS file systems. During the initial backup, a copy of the entire file system is made. During subsequent backups of that file system, only files and directories that have been changed, added, or removed are copied. https://docs.aws.amazon.com/efs/latest/ug/awsbackup.html#incremental-backup
"BackupSizeInBytes": 0,
This just mean that from the last recovery point/backup to the next, there wasn't any change.
I checked my backups as well and I got the same. But that's because I'm not actively using my EFS.
{
> aws backup describe-recovery-point --backup-vault-name myEfsVault --recovery-point-arn <recoveryPointArn>
...
"Status": "COMPLETED",
"CreationDate": "2023-10-20T07:00:00+02:00",
"CompletionDate": "2023-10-20T09:15:48.157000+02:00",
"BackupSizeInBytes": 0,
...
}
Here's what you can do to confirm your backup integrity:
- Perform a full restore and check if your files are there. You can cross check with the original.
- Upload a large file in your EFS then perform an on-demand backup then check the backup job/recovery point details.
Bonus
Here's an AWS recommendation for performing data recovery validation with AWS Backup.
https://aws.amazon.com/blogs/storage/automate-data-recovery-validation-with-aws-backup/
Edit
Backup testing
New Initial Backup
}
...
"Status": "COMPLETED",
"CreationDate": "2023-10-20T14:54:57.001000+02:00",
"CompletionDate": "2023-10-20T14:55:07.614000+02:00",
"BackupSizeInBytes": 1199258039,
...
}
Followup on-demand backup:
{
...
"Status": "COMPLETED",
"CreationDate": "2023-10-20T14:57:43.050000+02:00",
"CompletionDate": "2023-10-20T14:57:50.314000+02:00",
"BackupSizeInBytes": 0,
...
}
Restore test:
Restore job:
Restored EFS and Original EFS (Original names redacted):
Create Mount Targets (Select subnet, SG, AZ)
Mount restored FS and check contents:
[root@test-server ~]# mkdir /efs-restore
[root@test-server ~]# mount -t nfs4 -o nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,noresvport,mountport=2049 10.10.10.113:/ /efs-restore
[root@test-server efs-restore]# df -h /efs-restore
Filesystem Size Used Avail Use% Mounted on
10.10.10.113:/ 8.0E 0 8.0E 0% /efs-restore
[root@test-server efs-restore]# ll /efs-restore
drwxrwxr-x 4 root root 6144 Aug 14 12:39 aws-backup-restore_2023-10-20T13-00-49-858648977Z
[root@test-server efs-restore]# ll /efs-restore/aws-backup-restore_2023-10-20T13-00-49-858648977Z/
drw--w---- 2 root root 6144 Oct 20 15:00 aws-backup-lost+found_2023-10-20T13-00-32-067742883Z
drwxrwxr-x 3 ec2-user ec2-user 6144 Aug 1 11:38 logs # <-- my application logs
[root@test-server efs-restore]# ll /efs-restore/aws-backup-restore_2023-10-20T13-00-49-858648977Z/logs/path/to/my/application/
total 100
drwxr-xr-x 3 ec2-user ec2-user 6144 Oct 12 14:55 ip-10-10-4-123
drwxr-xr-x 3 ec2-user ec2-user 6144 Oct 12 17:55 ip-10-10-4-127
drwxrwxr-x 3 ec2-user ec2-user 6144 Sep 11 16:50 ip-10-10-4-151
drwxr-xr-x 3 ec2-user ec2-user 6144 Oct 11 09:28 ip-10-10-4-160
Restore test 2:
Deleted the initial backup full backup to simulate the retention period. Then performed another restore, everything is still there.
- Amazon S3 - How to fix 'The request signature we calculated does not match the signature' error?
- In total how many aws command is available
- start the stopped AWS instances using ansible playbook
- How to display only files from aws s3 ls command?
- Reducing Python zip size to use with AWS Lambda
- localstack trying to connect to localhost:4566 when we explicitly have the url set to 4576
- Limit Restart Attempts in Self-Healing Process for Application on EC2
- How to use Custom CI/CD action for building dotNet in Mumbai region?
- How to deploy single-platform image to ECR after building with --platform flag?
- Can an AWS Lambda function call another
- How to scale my AWS EC2 instance using SQS backlogs in AWS cloudwatch?
- Is there an easy way to revoke all AWS Lake Formation permissions at once for a user?
- Check if EC2 instances exists and running then skip deployment
- Is it possible to install Apache superset on a ECS container
- How do I install Python 3 on an AWS EC2 instance?
- How to load ssm secrets in lambda env variables with aws cdk at build time
- Convert a XLSX to Json using NodeJs and XLSX package
- Invoking Lambda function from another Lambda function consistently results in a strange HTTP 421 Misdirected Request error
- Input Transformation in CloudWatch EventBridge Rule
- AWS Amplify deployment permanent "pending" state
- How to send a request to AWS Bedrock properly?
- UnrecognizedClientException error when authenticating on aws-cli
- Get Scanned data with boto3 on Athena
- Cannot capture CloudWatch logs of Lambda function after Terraform deployment
- Django collectstatic not working on production with S3, but same settings work locally
- toomanyrequests: You have reached your pull rate limit. You may increase the limit by authenticating and upgrading
- Understanding AWS API Gateway Custom Domain Names
- amazon api request return SignatureDoesNotMatch
- chmod unable to change permissions
- Are there any difference between amazon cloudfront and amazon s3 transfer acceleration?