Create VSS snapshots with Amazon Systems Manager command documents
You can use Amazon Systems Manager command documents to create VSS-enabled snapshots. The following content introduces the command documents that are available, and the runtime parameters that the documents use to create your snapshots.
Before you use any of the Systems Manager command documents, ensure that you've met all Prerequisites.
Topics
Parameters for Systems Manager VSS snapshot documents
The Systems Manager documents that create VSS snapshots all use the following parameters, except where noted:
- ExcludeBootVolume (string, optional)
-
This setting excludes boot volumes from the backup process if you create snapshots. To exclude boot volumes from your snapshots, set ExcludeBootVolume to
True
, and CreateAmi toFalse
.If you create an AMI for your backup, this parameter should be set to
False
. The default value for this parameter isFalse
. - NoWriters (string, optional)
-
To exclude application VSS writers from the snapshot process, set this parameter to
True
. Excluding application VSS writers can help you resolve conflicts with third-party VSS backup components. The default value for this parameter isFalse
. - CopyOnly (string, optional)
-
If you use the native SQL Server backup in addition to Amazon VSS, performing a Copy-only backup prevents Amazon VSS from breaking the native differential backup chain. To perform a Copy-only backup operation, set this parameter to
True
.The default value for this parameter is
False
, which causes Amazon VSS to perform a full backup operation. - CreateAmi (string, optional)
-
To create a VSS-enabled Amazon Machine Image (AMI) to back up your instance, set this parameter to
True
. The default value for this parameter isFalse
, which backs up your instance with an EBS snapshot instead.For more information about creating an AMI from an instance, see Create a Windows AMI from a running instance.
- AmiName (string, optional)
-
If the CreateAmi option is set to
True
, specify the name of the AMI that the backup creates. - description (string, optional)
-
Specify a description for the snapshots or image that this process creates.
- tags (string, optional)
-
We recommend that you tag your snapshots and images to help you locate and manage your resources, for example, to restore volumes from a list of snapshots. The system adds the
Name
key, with a blank value where you can specify the name that you want to apply to your output snapshots or images.If you want to specify additional tags, separate tags with a semicolon in between. For example,
Key=Environment,Value=Test;Key=User,Value=TestUser1
.By default, the system adds the following reserved tags for VSS-enabled snapshots and images.
-
Device – For VSS-enabled snapshots, this is the device name of the EBS volume that the snapshot captures.
-
AppConsistent – This tag indicates the successful creation of a VSS-enabled snapshot or AMI.
-
AwsVssConfig – This identifies snapshots and AMIs that are created with VSS enabled. The tag includes meta information such as the
AwsVssComponents
version.
Warning
Specifying any of these reserved tags in your parameter list will cause an error.
-
- executionTimeout (string, optional)
-
Specify the maximum time in seconds to run the snapshot creation process on the instance, or to create an AMI from the instance. Increasing this timeout allows the command to wait longer for VSS to start its freeze and complete tagging of the resources it creates. This timeout only applies to the snapshot or AMI creation steps. The initial step to install or update the
AwsVssComponents
package is not included in the timeout. - CollectDiagnosticLogs (string, optional)
-
To collect more information during snapshot and AMI creation steps, set this parameter to
True
. The default value for this parameter isFalse
. - VssVersion (string, optional)
-
For the
AWSEC2-VssInstallAndSnapshot
document only, you can specify theVssVersion
parameter to install a specific version ofAwsVssComponents
package on your instance. Leave this parameter blank to install the recommended default version.If the specified version of the
AwsVssComponents
package is already installed, the script skips the install step and moves on to the backup step. For a list ofAwsVssComponents
package versions and operating support, see Amazon VSS solution version history.
Run Systems Manager VSS snapshot command documents
You can create VSS-enabled EBS snapshots with Amazon Systems Manager command documents as follows.
When you use Amazon Systems Manager to run the AWSEC2-VssInstallAndSnapshot
document,
the script runs the following steps.
-
The script first installs or updates the
AwsVssComponents
package on your instance, depending on whether it's already installed. -
The script creates the application-consistent snapshots after the first step completes.
To run the AWSEC2-VssInstallAndSnapshot
document, follow the steps for
your preferred environment.
To run the AWSEC2-CreateVssSnapshot
document, follow the steps for
your preferred environment.
You can use any of the command line procedures described in the previous section
to create a VSS-enabled snapshot. The command document
(AWSEC2-VssInstallAndSnapshot
or AWSEC2-CreateVssSnapshot
)
must run on the primary node in your cluster. The document will fail
on the secondary nodes as they don't have access to the shared disks. If your
primary and secondary change dynamically, you can run the Amazon Systems Manager Run Command
document on multiple nodes with the expectation that the command will succeed on
the primary node and fail on secondary nodes.
You can use the following script and the pre-defined
AWSEC2-ManageVssIO
SSM document to temporarily pause
I/O, create VSS-enabled EBS snapshots, and restart I/O. This process runs in the
context of the user who runs the command. If the user has sufficient permission
to create and tag snapshots, then Amazon Systems Manager can create and tag VSS-enabled EBS
snapshots without the need for the additional IAM snapshot role on the
instance.
In contrast, the command document (AWSEC2-VssInstallAndSnapshot
or AWSEC2-CreateVssSnapshot
) requires that you assign the IAM
snapshot role to each instance for which you want to create EBS snapshots. If
you don’t want to provide additional IAM permissions to your instances for
policy or compliance reasons, then you can use the following script.
Before you begin
Note the following important details about this process:
-
This process uses a PowerShell script (
CreateVssSnapshotAdvancedScript.ps1
) to take snapshots of all volumes on the instances you specify, except root volumes. If you need to take snapshots of root volumes, then you must use theAWSEC2-CreateVssSnapshot
SSM document. -
The script calls the
AWSEC2-ManageVssIO
document twice. The first time with theAction
parameter set toFreeze
, which pauses all I/O on the instances. The second time, theAction
parameter is set toThaw
, which forces I/O to resume. -
Don't attempt to use the
AWSEC2-ManageVssIO
document without using the CreateVssSnapshotAdvancedScript.ps1 script. Microsoft's VSS framework requires that theFreeze
andThaw
actions be called no more than ten seconds apart, and manually calling these actions without the script could result in errors.
To create VSS-enabled EBS snapshots by using the AWSEC2-ManageVssIO
SSM
document
-
Download the CreateVssSnapshotAdvancedScript.zip file and extract the file contents.
-
Open
CreateVssSnapshotAdvancedScript.ps1
in a text editor, edit the sample call at the bottom of the script with a valid EC2 instance ID, snapshot description, and desired tag values, and then run the script from PowerShell.
If successful, the command populates the list of EBS snapshots with the new
snapshots. You can locate these snapshots in the list of EBS snapshots by
searching for the tags you specified, or by searching for
AppConsistent
. If the command execution failed, view the
command output for details about why the execution failed. If the command was
successfully completed, but a specific volume backup failed, you can
troubleshoot the failure in the list of EBS volumes.
Note
To automate backups, you can create an Amazon Systems Manager maintenance window task that uses the
AWSEC2-VssInstallAndSnapshot
document. For more information, see
Working with Maintenance Windows (Console) in the
Amazon Systems Manager User Guide.