How to create EC2 snapshots with multiple AWS accounts by CLI?

The new 2013 AWS CLI (python-based) tool is really awesome!!

I plan to have a script to have snapshots for all my friends' instances which work with EBS (volumes). First of all, I use IAM to create a user who have limited permissions so that I don't need all of their root account access/secret keys. Here are my steps.

1. Install AWS CLI

You can setup the new CLI on Windows, Mac, and Linux very easily (than previous versions). On my ubuntu server, I just need to install:

apt-get install python-pip
pip install awscli

More details, please refer to here.

2. Create a AWS CLI config file

You will put all your access/secret keys and assigned regions at this config file: ~/.aws/config
Please do remember to assign your region. "Region" is also important for almost all AWS CLI and AWS API calls. Also, make sure you keep this file in a save location, and 'chmod 600' may be a good idea.

Here is an example one:

[default]
aws_access_key_id={your access key}
aws_secret_access_key={your secret key}
region={your region}
output=text

[profile server01]
aws_access_key_id={your access key}
aws_secret_access_key={your secret key}
region={your region}
output=text

[profile server02]
aws_access_key_id={your access key}
aws_secret_access_key={your secret key}
region={your region}
output=text

If you're interested in "Multiple Configuration Profiles" please refer to the AWS CLI document.

3. Create a profile list file

As you seen in the ~/.aws/config that we create multiple configuration profiles there, then we can choose all or some of these profiles in our snapshot script.

You can create a file to list all your profiles named "profile_list" at the same folder of snapshot-multiple.sh (or you can modify the path by updating "profile_list"). If you want to use this for just one AWS account, there's no problem, you can just list one profile name in this file.

Here is one example:

server01
server02

4. Create a script for snapshot

I may update this snapshot-multiple.sh script in the future so I put it at gist.

5. Test it & modify it

I choose the tag name of the running instances, and current date as the description of snapshots. You can mark the command "aws ec2 create-snapshot --volume-id $volume --description $description" with a "#" in front of this line for your testing. You will see how's going about the naming and you can modify to be the right naming format you want.

6. Run it

Once you like the description of snapshot naming rules, you can remove the "#" in front of "aws ec2 create-snapshot" and run this script. (You may need to 'chmod u+x snapshot-multiple.sh' to run it.)

If you like it, you can put it in your crontab. Also, you may want to reference this AWS whitepaper "Backup and Recovery Approaches Using AWS" (page. 7~9) to know more about snapshots and hot backups.