Using Amazon SNS to track AWS Backup events - AWS Backup

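AWS Backup takes advantage of the robust notifications delivered by Amazon Simple Notification Service (Amazon SNS). You can configure Amazon SNS to notify you of AWS Backup events from the Amazon SNS console.

Setting up the Amazon SNS console

For a tutorial on how to set up the Amazon SNS console to send AWS Backup notifications, see How can I get notifications for AWS Backup jobs that failed? from AWS Premium Support.

For more information, see Getting started with Amazon SNS in the Amazon Simple Notification Service Developer Guide.

AWS Backup notification APIs

Using the Amazon SNS console or the AWS Command Line Interface (AWS CLI), you can use the following AWS Backup API operations to manage backup notifications.

The following events are supported: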

Job type          Events
Backup job        BACKUP_JOB_STARTED | BACKUP_JOB_COMPLETED
Copy job          COPY_JOB_STARTED | COPY_JOB_SUCCESSFUL | COPY_JOB_FAILED
Restore job       RESTORE_JOB_STARTED | RESTORE_JOB_COMPLETED
Recovery point    RECOVERY_POINT_MODIFIED

Event examples

Each event below is followed by its Amazon SNS notification.

Backup job completed

{
  "Records": [{
    "EventSource": "aws:sns",
    "EventVersion": "1.0",
    "EventSubscriptionArn": "arn:aws:sns:...-a3802aa1ed45",
    "Sns": {
      "Type": "Notification",
      "MessageId": "12345678-abcd-123a-def0-abcd1a234567",
      "TopicArn": "arn:aws:sns:us-west-1:123456789012:backup-2sqs-sns-topic",
      "Subject": "Notification from AWS Backup",
      "Message": "An AWS Backup job was completed successfully. Recovery point ARN: arn:aws:ec2:us-west-1:123456789012:volume/vol-012f345df6789012d. Resource ARN : arn:aws:ec2:us-west-1:123456789012:volume/vol-012f345df6789012e. BackupJob ID : 1b2345b2-f22c-4dab-5eb6-bbc7890ed123",
      "Timestamp": "2019-08-02T18:46:02.788Z",
      ...
      "MessageAttributes": {
        "EventType": {"Type":"String","Value":"BACKUP_JOB"},
        "State": {"Type":"String","Value":"COMPLETED"},
        "AccountId": {"Type":"String","Value":"123456789012"},
        "Id": {"Type":"String","Value":"1b2345b2-f22c-4dab-5eb6-bbc7890ed123"},
        "StartTime": {"Type":"String","Value":"2019-09-02T13:48:52.226Z"}
      }
    }
  }]
}

Backup job failed

{
  "Records": [{
    "EventSource": "aws:sns",
    "EventVersion": "1.0",
    "EventSubscriptionArn": "arn:aws:sns:...-a3802aa1ed45",
    "Sns": {
      "Type": "Notification",
      "MessageId": "12345678-abcd-123a-def0-abcd1a234567",
      "TopicArn": "arn:aws:sns:us-west-1:123456789012:backup-2sqs-sns-topic",
      "Subject": "Notification from AWS Backup",
      "Message": "An AWS Backup job failed. Resource ARN : arn:aws:ec2:us-west-1:123456789012:volume/vol-012f345df6789012e. BackupJob ID : 1b2345b2-f22c-4dab-5eb6-bbc7890ed123",
      "Timestamp": "2019-08-02T18:46:02.788Z",
      ...
      "MessageAttributes": {
        "EventType": {"Type":"String","Value":"BACKUP_JOB"},
        "State": {"Type":"String","Value":"FAILED"},
        "AccountId": {"Type":"String","Value":"123456789012"},
        "Id": {"Type":"String","Value":"1b2345b2-f22c-4dab-5eb6-bbc7890ed123"},
        "StartTime": {"Type":"String","Value":"2019-09-02T13:48:52.226Z"}
      }
    }
  }]
}

Backup job failed to complete during the backup window

{
  "Records": [{
    "EventSource": "aws:sns",
    "EventVersion": "1.0",
    "EventSubscriptionArn": "arn:aws:sns:...-a3802aa1ed45",
    "Sns": {
      "Type": "Notification",
      "MessageId": "12345678-abcd-123a-def0-abcd1a234567",
      "TopicArn": "arn:aws:sns:us-west-1:123456789012:backup-2sqs-sns-topic",
      "Subject": "Notification from AWS Backup",
      "Message": "An AWS Backup job failed to complete in time. Resource ARN : arn:aws:ec2:us-west-1:123456789012:volume/vol-012f345df6789012e. BackupJob ID : 1b2345b2-f22c-4dab-5eb6-bbc7890ed123",
      "Timestamp": "2019-08-02T18:46:02.788Z",
      ...
      "MessageAttributes": {
        "EventType": {"Type":"String","Value":"BACKUP_JOB"},
        "State": {"Type":"String","Value":"EXPIRED"},
        "AccountId": {"Type":"String","Value":"123456789012"},
        "Id": {"Type":"String","Value":"1b2345b2-f22c-4dab-5eb6-bbc7890ed123"},
        "StartTime": {"Type":"String","Value":"2019-09-02T13:48:52.226Z"}
      }
    }
  }]
}
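In the three samples above, a successful, a failed and an expired backup job differ only in the Message text and the State message attribute, so a subscriber has to inspect State to tell them apart. The following handler is an added example, not part of the original documentation; the function names, the verdict strings and the choice to pin the topic ARN are assumptions made for illustration.

```python
# Assumption: the topic ARN from the sample notifications; use your own topic.
EXPECTED_TOPIC_ARN = "arn:aws:sns:us-west-1:123456789012:backup-2sqs-sns-topic"
FAILURE_STATES = {"FAILED", "EXPIRED"}  # states in the samples that are not success


def attr(sns, name):
    """Return the string value of one SNS message attribute, or None."""
    return sns.get("MessageAttributes", {}).get(name, {}).get("Value")


def triage(event):
    """Return one (job_id, state, verdict) tuple per record in the event."""
    findings = []
    for record in event.get("Records", []):
        sns = record.get("Sns", {})
        state = attr(sns, "State")
        if record.get("EventSource") != "aws:sns" or sns.get("TopicArn") != EXPECTED_TOPIC_ARN:
            verdict = "ignored: unexpected source or topic"
        elif attr(sns, "EventType") != "BACKUP_JOB":
            verdict = "ignored: not a backup job event"
        elif state in FAILURE_STATES:
            verdict = "alert"
        elif state == "COMPLETED":
            verdict = "ok"
        else:
            verdict = "review: unknown state"  # do not treat unknown states as success
        findings.append((attr(sns, "Id"), state, verdict))
    return findings


def sample_event(state, topic=EXPECTED_TOPIC_ARN):
    """Constructed record in the layout of the notifications shown above."""
    attrs = {"EventType": "BACKUP_JOB", "State": state,
             "AccountId": "123456789012",
             "Id": "1b2345b2-f22c-4dab-5eb6-bbc7890ed123"}
    return {"Records": [{
        "EventSource": "aws:sns",
        "Sns": {"Type": "Notification", "TopicArn": topic,
                "Subject": "Notification from AWS Backup",
                "MessageAttributes": {k: {"Type": "String", "Value": v}
                                      for k, v in attrs.items()}},
    }]}


def lambda_handler(event, context):
    """Lambda entry point: count the records that are not a clean completion."""
    return {"needs_attention": sum(1 for f in triage(event) if f[2] != "ok")}
```
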

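AWS Backup notification command examples

You can use AWS CLI commands to subscribe to, list, and delete Amazon SNS notifications for AWS Backup events.

Example: put backup vault notifications

The following command subscribes to an Amazon SNS topic for the specified backup vault that notifies you when a restore job is started or completed, or when a recovery point is modified.

aws backup put-backup-vault-notifications \
    --backup-vault-name myVault \
    --sns-topic-arn arn:aws:sns:region:account-id:myBackupTopic \
    --backup-vault-events RESTORE_JOB_STARTED RESTORE_JOB_COMPLETED RECOVERY_POINT_MODIFIED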

Example: get backup vault notifications

The following command lists all events currently subscribed to an Amazon SNS topic for the specified backup vault.

aws backup get-backup-vault-notifications --backup-vault-name myVault

The sample output is as follows:

{
  "SNSTopicArn": "arn:aws:sns:region:account-id:myBackupTopic",
  "BackupVaultEvents": [
    "RESTORE_JOB_STARTED",
    "RESTORE_JOB_COMPLETED",
    "RECOVERY_POINT_MODIFIED"
  ],
  "BackupVaultName": "myVault",
  "BackupVaultArn": "arn:aws:backup:region:account-id:backup-vault:myVault"
}

Example: delete backup vault notifications

The following command unsubscribes from an Amazon SNS topic for the specified backup vault.

aws backup delete-backup-vault-notifications --backup-vault-name myVault

Specifying AWS Backup as a service principal

Note

To allow AWS Backup to publish to SNS topics on your behalf, you must specify AWS Backup as a service principal.

Include the following JSON in the access policy of the Amazon SNS topic that you use to track AWS Backup events. You must specify the resource Amazon Resource Name (ARN) of your topic.

{
  "Sid": "My-statement-id",
  "Effect": "Allow",
  "Principal": {
    "Service": "backup.amazonaws.com"
  },
  "Action": "SNS:Publish",
  "Resource": "arn:aws:sns:region:account-id:myTopic"
}

The following sample JSON is an example of a basic Amazon SNS access policy that includes AWS Backup as a service principal. You must specify your own AWS account ID and the resource ARN of your topic.

{
  "Version": "2008-10-17",
  "Id": "__default_policy_ID",
  "Statement": [
    {
      "Sid": "__default_statement_ID",
      "Effect": "Allow",
      "Principal": {
        "AWS": "*"
      },
      "Action": [
        "SNS:Publish",
        "SNS:RemovePermission",
        "SNS:SetTopicAttributes",
        "SNS:DeleteTopic",
        "SNS:ListSubscriptionsByTopic",
        "SNS:GetTopicAttributes",
        "SNS:Receive",
        "SNS:AddPermission",
        "SNS:Subscribe"
      ],
      "Resource": "arn:aws:sns:region:account-id:myTopic",
      "Condition": {
        "StringEquals": {
          "AWS:SourceOwner": "account-id"
        }
      }
    },
    {
      "Sid": "__console_pub_0",
      "Effect": "Allow",
      "Principal": {
        "Service": "backup.amazonaws.com"
      },
      "Action": "SNS:Publish",
      "Resource": "arn:aws:sns:region:account-id:myTopic"
    }
  ]
}
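The basic policy above relies on two things: a statement that lets backup.amazonaws.com publish to the topic, and the AWS:SourceOwner condition that keeps the wildcard principal confined to the owning account. The following check is an added example, not part of the original documentation; the function names and finding strings are hypothetical, and the region, account ID and shortened action list in the sample policy are constructed placeholders.

```python
from fnmatch import fnmatchcase

BACKUP_PRINCIPAL = "backup.amazonaws.com"
TOPIC_ARN = "arn:aws:sns:us-west-1:123456789012:myTopic"  # constructed placeholder


def as_list(value):
    """Policy fields may hold a single string or a list of strings."""
    return value if isinstance(value, list) else [value]


def audit_topic_policy(policy, topic_arn):
    """Return findings (strings) for an SNS topic access policy; empty means clean."""
    findings, backup_can_publish = [], False
    for st in policy.get("Statement", []):
        if st.get("Effect") != "Allow":
            continue
        principal = st.get("Principal", {})
        if not isinstance(principal, dict):  # "Principal": "*" shorthand
            principal = {"AWS": principal}
        actions = [a.lower() for a in as_list(st.get("Action", []))]
        publishes = any(fnmatchcase("sns:publish", a) for a in actions)
        on_topic = topic_arn in as_list(st.get("Resource", []))
        services = as_list(principal.get("Service", []))
        if BACKUP_PRINCIPAL in services and publishes and on_topic:
            backup_can_publish = True
        if "*" in as_list(principal.get("AWS", [])) and not st.get("Condition"):
            findings.append(f"{st.get('Sid', '<no Sid>')}: wildcard principal with no Condition")
    if not backup_can_publish:
        findings.append("backup.amazonaws.com is not allowed SNS:Publish on the topic")
    return findings


def page_policy(topic_arn=TOPIC_ARN, account_id="123456789012"):
    """The basic policy from this page, with constructed values and fewer actions."""
    return {
        "Version": "2008-10-17",
        "Statement": [
            {"Sid": "__default_statement_ID", "Effect": "Allow",
             "Principal": {"AWS": "*"},
             "Action": ["SNS:Publish", "SNS:Subscribe", "SNS:Receive"],
             "Resource": topic_arn,
             "Condition": {"StringEquals": {"AWS:SourceOwner": account_id}}},
            {"Sid": "__console_pub_0", "Effect": "Allow",
             "Principal": {"Service": BACKUP_PRINCIPAL},
             "Action": "SNS:Publish", "Resource": topic_arn},
        ],
    }
```
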

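For more information about specifying a service principal in an Amazon SNS access policy, see Allowing any AWS resource to publish to a topic in the Amazon Simple Notification Service Developer Guide.

Note

If your topic is encrypted, you must include additional permissions in your policy to allow AWS Backup to publish to it. For more information about allowing services to publish to encrypted topics, see Enable compatibility between event sources from AWS services and encrypted topics in the Amazon Simple Notification Service Developer Guide.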