Using Amazon SNS to track AWS Backup events - AWS Backup

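Using Amazon SNS to track AWS Backup events

AWS Backup is designed to take full advantage of the reliable notifications delivered by Amazon Simple Notification Service (Amazon SNS). You can configure Amazon SNS from the Amazon SNS console to send notifications of AWS Backup events. For more information, see Getting Started with Amazon SNS in the Amazon Simple Notification Service Developer Guide.

AWS Backup notification APIs

After you create a topic using the Amazon SNS console or the AWS Command Line Interface (AWS CLI), you can use the following AWS Backup API operations to manage your backup notifications.

The following events are supported:

Backup jobs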

  • BACKUP_JOB_STARTED

  • BACKUP_JOB_COMPLETED

Restore jobs

  • RESTORE_JOB_STARTED

  • RESTORE_JOB_COMPLETED

Recovery points

  • RECOVERY_POINT_MODIFIED

Backup plans

  • BACKUP_PLAN_CREATED

  • BACKUP_PLAN_MODIFIED

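Completed events

Completed notifications contain a STATE attribute (the State entry under MessageAttributes in the examples below) that indicates the specific type of completion.

Example: Completed events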

{
  "Type" : "Notification",
  "MessageId" : "12345678-abcd-123a-def0-abcd1a234567",
  "TopicArn" : "arn:aws:sns:us-west-1:123456789012:backup-2sqs-sns-topic",
  "Subject" : "Notification from AWS Backup",
  "Message" : "An AWS Backup job was completed successfully. Recovery point ARN: arn:aws:ec2:us-west-1:123456789012:volume/vol-012f345df6789012d. Resource ARN : arn:aws:ec2:us-west-1:123456789012:volume/vol-012f345df6789012e. BackupJob ID : 1b2345b2-f22c-4dab-5eb6-bbc7890ed123",
  "Timestamp" : "2019-08-02T18:46:02.788Z",
  "MessageAttributes" : {
    "EventType" : {"Type":"String","Value":"BACKUP_JOB"},
    "State" : {"Type":"String","Value":"COMPLETED"},
    "AccountId" : {"Type":"String","Value":"123456789012"},
    "Id" : {"Type":"String","Value":"1b2345b2-f22c-4dab-5eb6-bbc7890ed123"},
    "StartTime" : {"Type":"String","Value":"2019-09-02T13:48:52.226Z"}
  }
}

{
  "Type" : "Notification",
  "MessageId" : "12345678-abcd-123a-def0-abcd1a234567",
  "TopicArn" : "arn:aws:sns:us-west-1:123456789012:backup-2sqs-sns-topic",
  "Subject" : "Notification from AWS Backup",
  "Message" : "An AWS Backup job failed. Resource ARN : arn:aws:ec2:us-west-1:123456789012:volume/vol-012f345df6789012e. BackupJob ID : 1b2345b2-f22c-4dab-5eb6-bbc7890ed123",
  "Timestamp" : "2019-08-02T18:46:02.788Z",
  "MessageAttributes" : {
    "EventType" : {"Type":"String","Value":"BACKUP_JOB"},
    "State" : {"Type":"String","Value":"FAILED"},
    "AccountId" : {"Type":"String","Value":"123456789012"},
    "Id" : {"Type":"String","Value":"1b2345b2-f22c-4dab-5eb6-bbc7890ed123"},
    "StartTime" : {"Type":"String","Value":"2019-09-02T13:48:52.226Z"}
  }
}

{
  "Type" : "Notification",
  "MessageId" : "12345678-abcd-123a-def0-abcd1a234567",
  "TopicArn" : "arn:aws:sns:us-west-1:123456789012:backup-2sqs-sns-topic",
  "Subject" : "Notification from AWS Backup",
  "Message" : "An AWS Backup job failed to complete in time. Resource ARN : arn:aws:ec2:us-west-1:123456789012:volume/vol-012f345df6789012e. BackupJob ID : 1b2345b2-f22c-4dab-5eb6-bbc7890ed123",
  "Timestamp" : "2019-08-02T18:46:02.788Z",
  "MessageAttributes" : {
    "EventType" : {"Type":"String","Value":"BACKUP_JOB"},
    "State" : {"Type":"String","Value":"EXPIRED"},
    "AccountId" : {"Type":"String","Value":"123456789012"},
    "Id" : {"Type":"String","Value":"1b2345b2-f22c-4dab-5eb6-bbc7890ed123"},
    "StartTime" : {"Type":"String","Value":"2019-09-02T13:48:52.226Z"}
  }
}
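A subscriber that turns the State attribute into an alerting decision, as an added example that is not part of the AWS documentation. The function name, the severity labels and the topic and account allowlist parameters are assumptions; the sample input is constructed from the notifications above, and SNS signature verification is out of scope here.

```python
import json

# Assumption: FAILED and EXPIRED (the two unsuccessful states in the page's
# samples) should alert; any state not listed on the page goes to review.
ALERT_STATES = {"FAILED", "EXPIRED"}

def classify_backup_notification(raw, expected_topic_arn, expected_accounts):
    """Return (severity, detail) for one SNS notification body from AWS Backup."""
    try:
        msg = json.loads(raw)
    except (TypeError, ValueError):
        return ("reject", "body is not valid JSON")
    if not isinstance(msg, dict) or msg.get("Type") != "Notification":
        return ("reject", "not an SNS Notification")
    if msg.get("TopicArn") != expected_topic_arn:
        return ("reject", "unexpected TopicArn")
    attrs = msg.get("MessageAttributes")
    attrs = attrs if isinstance(attrs, dict) else {}

    def attr(name):
        entry = attrs.get(name)
        return entry.get("Value") if isinstance(entry, dict) else None

    if attr("AccountId") not in expected_accounts:
        return ("reject", "unexpected AccountId")
    event_type, state, job_id = attr("EventType"), attr("State"), attr("Id")
    detail = f"{event_type} {job_id} state={state}"
    if state in ALERT_STATES:
        return ("alert", detail)
    if state == "COMPLETED":
        return ("ok", detail)
    return ("review", detail)  # missing or unknown State: surface it, never drop

def sample_notification(state):
    """Constructed sample: the envelope fields of the page's example, trimmed."""
    value = lambda v: {"Type": "String", "Value": v}
    return json.dumps({
        "Type": "Notification",
        "TopicArn": "arn:aws:sns:us-west-1:123456789012:backup-2sqs-sns-topic",
        "Subject": "Notification from AWS Backup",
        "MessageAttributes": {
            "EventType": value("BACKUP_JOB"), "State": value(state),
            "AccountId": value("123456789012"),
            "Id": value("1b2345b2-f22c-4dab-5eb6-bbc7890ed123")}})

if __name__ == "__main__":
    topic = "arn:aws:sns:us-west-1:123456789012:backup-2sqs-sns-topic"
    for s in ("COMPLETED", "FAILED", "EXPIRED"):
        print(classify_backup_notification(sample_notification(s), topic, {"123456789012"}))
```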

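AWS Backup notification command examples

You can use AWS CLI commands to subscribe to, list, and delete Amazon SNS notifications for your AWS Backup events.

Example put backup vault notifications

The following command subscribes the specified backup vault to an Amazon SNS topic that notifies you when a restore job is started or completed, or when a recovery point is modified.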

aws backup put-backup-vault-notifications \
    --backup-vault-name myVault \
    --sns-topic-arn arn:aws:sns:region:account-id:myBackupTopic \
    --backup-vault-events RESTORE_JOB_STARTED RESTORE_JOB_COMPLETED RECOVERY_POINT_MODIFIED

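Example get backup vault notifications

The following command lists all events for which the specified backup vault is currently subscribed to an Amazon SNS topic.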

aws backup get-backup-vault-notifications --backup-vault-name myVault

The following is example output:

{
  "SNSTopicArn": "arn:aws:sns:region:account-id:myBackupTopic",
  "BackupVaultEvents": [
    "RESTORE_JOB_STARTED",
    "RESTORE_JOB_COMPLETED",
    "RECOVERY_POINT_MODIFIED"
  ],
  "BackupVaultName": "myVault",
  "BackupVaultArn": "arn:aws:backup:region:account-id:backup-vault:myVault"
}

Example delete backup vault notifications

The following command unsubscribes the specified backup vault from its Amazon SNS topic.

aws backup delete-backup-vault-notifications --backup-vault-name myVault

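Specifying AWS Backup as a service principal

Note

To allow AWS Backup to publish to SNS topics on your behalf, you must specify AWS Backup as a service principal.

Include the following JSON in the access policy of the Amazon SNS topic that you use to track AWS Backup events. You must specify the resource Amazon Resource Name (ARN) of your topic.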

{
  "Sid": "My-statement-id",
  "Effect": "Allow",
  "Principal": {
    "Service": "backup.amazonaws.com"
  },
  "Action": "SNS:Publish",
  "Resource": "arn:aws:sns:region:account-id:myTopic"
}

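The following sample JSON is an example of a basic Amazon SNS access policy that includes AWS Backup as a service principal. You must specify your own AWS account ID and the resource ARN of your topic.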

{
  "Version": "2008-10-17",
  "Id": "__default_policy_ID",
  "Statement": [
    {
      "Sid": "__default_statement_ID",
      "Effect": "Allow",
      "Principal": {
        "AWS": "*"
      },
      "Action": [
        "SNS:Publish",
        "SNS:RemovePermission",
        "SNS:SetTopicAttributes",
        "SNS:DeleteTopic",
        "SNS:ListSubscriptionsByTopic",
        "SNS:GetTopicAttributes",
        "SNS:Receive",
        "SNS:AddPermission",
        "SNS:Subscribe"
      ],
      "Resource": "arn:aws:sns:region:account-id:myTopic",
      "Condition": {
        "StringEquals": {
          "AWS:SourceOwner": "account-id"
        }
      }
    },
    {
      "Sid": "__console_pub_0",
      "Effect": "Allow",
      "Principal": {
        "Service": "backup.amazonaws.com"
      },
      "Action": "SNS:Publish",
      "Resource": "arn:aws:sns:region:account-id:myTopic"
    }
  ]
}
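A check you can run against a topic's access policy before relying on it, as an added example that is not part of the AWS documentation. It confirms that backup.amazonaws.com is allowed SNS:Publish on the topic and flags any Allow statement whose wildcard principal has no Condition, as the first statement above would if its AWS:SourceOwner condition were dropped. The function names and finding texts are assumptions; the sample policy is constructed from the one above with the action list shortened.

```python
def _as_list(value):
    """IAM policy fields hold one value or a list; normalise to a list."""
    return [] if value is None else value if isinstance(value, list) else [value]

def audit_topic_policy(policy, topic_arn):
    """Return findings (strings) for an SNS topic access policy given as a dict."""
    findings, backup_can_publish = [], False
    for st in _as_list(policy.get("Statement")):
        if st.get("Effect") != "Allow":
            continue
        sid = st.get("Sid", "<no Sid>")
        principal = st.get("Principal")
        as_dict = principal if isinstance(principal, dict) else {}
        actions = {a.lower() for a in _as_list(st.get("Action"))}
        publishes = bool(actions & {"sns:publish", "sns:*", "*"})
        # Exact ARN match only; wildcard Resource patterns are not expanded here.
        on_topic = topic_arn in _as_list(st.get("Resource"))
        if "backup.amazonaws.com" in _as_list(as_dict.get("Service")) and publishes and on_topic:
            backup_can_publish = True
        wildcard = principal == "*" or "*" in _as_list(as_dict.get("AWS"))
        if wildcard and not st.get("Condition"):
            findings.append(f"{sid}: wildcard principal is not restricted by a Condition")
    if not backup_can_publish:
        findings.append(f"backup.amazonaws.com is not allowed SNS:Publish on {topic_arn}")
    return findings

# Constructed sample: the page's basic policy with its placeholders kept
# and the action list of the first statement shortened.
TOPIC = "arn:aws:sns:region:account-id:myTopic"
PAGE_POLICY = {
    "Version": "2008-10-17",
    "Statement": [
        {"Sid": "__default_statement_ID", "Effect": "Allow",
         "Principal": {"AWS": "*"},
         "Action": ["SNS:Publish", "SNS:Subscribe", "SNS:Receive"],
         "Resource": TOPIC,
         "Condition": {"StringEquals": {"AWS:SourceOwner": "account-id"}}},
        {"Sid": "__console_pub_0", "Effect": "Allow",
         "Principal": {"Service": "backup.amazonaws.com"},
         "Action": "SNS:Publish", "Resource": TOPIC},
    ],
}

if __name__ == "__main__":
    print(audit_topic_policy(PAGE_POLICY, TOPIC))  # no findings for the page's policy
```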

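For more information about specifying a service principal in an Amazon SNS access policy, see Allowing Any AWS Resource to Publish to a Topic in the Amazon Simple Notification Service Developer Guide.

Note

If your topic is encrypted, you must include additional permissions in your policy to allow AWS Backup to publish to it. For more information about enabling services to publish to encrypted topics, see Enable Compatibility between Event Sources from AWS Services and Encrypted Topics in the Amazon Simple Notification Service Developer Guide.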