
Notification options with Amazon Backup

There are two ways to receive notifications about Amazon Backup:

  • User Notifications can send notifications, including Amazon CloudWatch alarms, Amazon Web Services Support, and other services' notifications.

  • Amazon Simple Notification Service can notify you of Amazon Backup events.

User Notifications and Amazon Backup

Amazon Backup supports management of your backup notifications from the User Notifications console. With User Notifications, you can view the progress of your backup, copy, and restore jobs and changes to your backup policies, vaults, recovery points, and settings from the User Notifications Notification Center.

Amazon CloudWatch, Amazon EventBridge alarms, and Amazon Web Services Support case updates are among other types of notifications you can manage from the console. Additionally, you can set up several delivery options, including email, Amazon Chatbot notifications, and Amazon Console Mobile Application push notifications.

Amazon SNS and Amazon Backup events

Amazon Backup takes advantage of the robust notifications delivered by Amazon Simple Notification Service (Amazon SNS). You can configure Amazon SNS to notify you of Amazon Backup events from the Amazon SNS console.

Limitations
  • While the Amazon SNS service allows cross-account notifications, Amazon Backup does not currently support this feature. You must specify your own Amazon account ID and the resource ARN of your topic.

  • Amazon Backup supports Standard topics for SNS best-effort deduplication, but Amazon Backup does not currently support SNS FIFO topics for Strict deduplication.

Common use cases

For more information about Amazon SNS generally, see Getting Started with Amazon SNS in the Amazon Simple Notification Service Developer Guide.

Amazon Backup notification APIs

After creating your topics using the Amazon SNS console or Amazon Command Line Interface (Amazon CLI), you can use the following Amazon Backup API operations to manage your backup notifications.

Amazon Backup supports the following events:

Job type          Event
Backup job        BACKUP_JOB_STARTED | BACKUP_JOB_COMPLETED | CONTINUOUS_BACKUP_INTERRUPTED
Copy job          COPY_JOB_STARTED | COPY_JOB_SUCCESSFUL | COPY_JOB_FAILED
Restore job       RESTORE_JOB_STARTED | RESTORE_JOB_COMPLETED
Recovery point    RECOVERY_POINT_MODIFIED

Amazon Backup for S3 supports two additional events:

  • S3_BACKUP_OBJECT_FAILED notifies you of any S3 object that Amazon Backup failed to back up during a backup job.

  • S3_RESTORE_OBJECT_FAILED notifies you of any S3 object that Amazon Backup failed to restore during a restore job.

Examples of events

Example: Backup job completed
{
  "Records": [{
    "EventSource": "aws:sns",
    "EventVersion": "1.0",
    "EventSubscriptionArn": "arn:aws:sns:...-a3802aa1ed45",
    "Sns": {
      "Type": "Notification",
      "MessageId": "12345678-abcd-123a-def0-abcd1a234567",
      "TopicArn": "arn:aws:sns:us-west-1:123456789012:backup-2sqs-sns-topic",
      "Subject": "Notification from AWS Backup",
      "Message": "An AWS Backup job was completed successfully. Recovery point ARN: arn:aws:ec2:us-west-1:123456789012:volume/vol-012f345df6789012d. Resource ARN : arn:aws:ec2:us-west-1:123456789012:volume/vol-012f345df6789012e. BackupJob ID : 1b2345b2-f22c-4dab-5eb6-bbc7890ed123",
      "Timestamp": "2019-08-02T18:46:02.788Z",
      ...
      "MessageAttributes": {
        "EventType": {"Type":"String","Value":"BACKUP_JOB"},
        "State": {"Type":"String","Value":"COMPLETED"},
        "AccountId": {"Type":"String","Value":"123456789012"},
        "Id": {"Type":"String","Value":"1b2345b2-f22c-4dab-5eb6-bbc7890ed123"},
        "StartTime": {"Type":"String","Value":"2019-09-02T13:48:52.226Z"}
      }
    }
  }]
}
Example: Backup job failed
{
  "Records": [{
    "EventSource": "aws:sns",
    "EventVersion": "1.0",
    "EventSubscriptionArn": "arn:aws:sns:...-a3802aa1ed45",
    "Sns": {
      "Type": "Notification",
      "MessageId": "12345678-abcd-123a-def0-abcd1a234567",
      "TopicArn": "arn:aws:sns:us-west-1:123456789012:backup-2sqs-sns-topic",
      "Subject": "Notification from AWS Backup",
      "Message": "An AWS Backup job failed. Resource ARN : arn:aws:ec2:us-west-1:123456789012:volume/vol-012f345df6789012e. BackupJob ID : 1b2345b2-f22c-4dab-5eb6-bbc7890ed123",
      "Timestamp": "2019-08-02T18:46:02.788Z",
      ...
      "MessageAttributes": {
        "EventType": {"Type":"String","Value":"BACKUP_JOB"},
        "State": {"Type":"String","Value":"FAILED"},
        "AccountId": {"Type":"String","Value":"123456789012"},
        "Id": {"Type":"String","Value":"1b2345b2-f22c-4dab-5eb6-bbc7890ed123"},
        "StartTime": {"Type":"String","Value":"2019-09-02T13:48:52.226Z"}
      }
    }
  }]
}
Example: Backup job could not complete during the backup window
{
  "Records": [{
    "EventSource": "aws:sns",
    "EventVersion": "1.0",
    "EventSubscriptionArn": "arn:aws:sns:...-a3802aa1ed45",
    "Sns": {
      "Type": "Notification",
      "MessageId": "12345678-abcd-123a-def0-abcd1a234567",
      "TopicArn": "arn:aws:sns:us-west-1:123456789012:backup-2sqs-sns-topic",
      "Subject": "Notification from AWS Backup",
      "Message": "An AWS Backup job failed to complete in time. Resource ARN : arn:aws:ec2:us-west-1:123456789012:volume/vol-012f345df6789012e. BackupJob ID : 1b2345b2-f22c-4dab-5eb6-bbc7890ed123",
      "Timestamp": "2019-08-02T18:46:02.788Z",
      ...
      "MessageAttributes": {
        "EventType": {"Type":"String","Value":"BACKUP_JOB"},
        "State": {"Type":"String","Value":"EXPIRED"},
        "AccountId": {"Type":"String","Value":"123456789012"},
        "Id": {"Type":"String","Value":"1b2345b2-f22c-4dab-5eb6-bbc7890ed123"},
        "StartTime": {"Type":"String","Value":"2019-09-02T13:48:52.226Z"}
      }
    }
  }]
}
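The three events above differ only in the State message attribute and the message text, so a subscriber can triage on the attributes rather than on the subject line. The following is an added example, not code from the original documentation: the function name triage, the finding field names, and the trimmed sample event are assumptions made for illustration.

```python
import json
import re

# Constructed sample: the page's "Backup job failed" record in a Lambda-style
# SNS envelope, with the elided fields left out.
SAMPLE_EVENT = json.dumps({"Records": [{
    "EventSource": "aws:sns",
    "Sns": {
        "TopicArn": "arn:aws:sns:us-west-1:123456789012:backup-2sqs-sns-topic",
        "Message": ("An AWS Backup job failed. Resource ARN : "
                    "arn:aws:ec2:us-west-1:123456789012:volume/vol-012f345df6789012e. "
                    "BackupJob ID : 1b2345b2-f22c-4dab-5eb6-bbc7890ed123"),
        "MessageAttributes": {
            "EventType": {"Type": "String", "Value": "BACKUP_JOB"},
            "State": {"Type": "String", "Value": "FAILED"},
            "AccountId": {"Type": "String", "Value": "123456789012"},
            "Id": {"Type": "String", "Value": "1b2345b2-f22c-4dab-5eb6-bbc7890ed123"},
        },
    },
}]})

ALERT_STATES = {"FAILED", "EXPIRED"}  # the non-success states in the page's examples
# The message text ends each ARN with ". ", so stop at a dot followed by space/end.
RESOURCE_RE = re.compile(r"Resource ARN\s*:\s*(arn:\S+?)\.(?:\s|$)")


def triage(raw_event, expected_account):
    """Return one finding per SNS record: job, state, resource, alert flags."""
    findings = []
    for record in json.loads(raw_event).get("Records", []):
        if record.get("EventSource") != "aws:sns":
            continue  # ignore records that did not come through SNS
        sns = record.get("Sns", {})
        attrs = {name: attr.get("Value")
                 for name, attr in sns.get("MessageAttributes", {}).items()}
        match = RESOURCE_RE.search(sns.get("Message", ""))
        findings.append({
            "job_id": attrs.get("Id"),
            "event_type": attrs.get("EventType"),
            "state": attrs.get("State"),
            "resource_arn": match.group(1) if match else None,
            "alert": attrs.get("State") in ALERT_STATES,
            # Cross-account delivery is unsupported, so a foreign AccountId is suspect.
            "account_mismatch": attrs.get("AccountId") != expected_account,
        })
    return findings
```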

Amazon Backup notification command examples

You can use Amazon CLI commands to subscribe to, list, and delete Amazon SNS notifications for your Amazon Backup events.

Example put backup vault notification

The following command subscribes to an Amazon SNS topic for the specified backup vault that notifies you when a restore job is started or completed, or when a recovery point is modified.

aws backup put-backup-vault-notifications --backup-vault-name myBackupVault --sns-topic-arn arn:aws:sns:region:account-id:myBackupTopic --backup-vault-events RESTORE_JOB_STARTED RESTORE_JOB_COMPLETED RECOVERY_POINT_MODIFIED

Example get backup vault notification

The following command lists all events currently subscribed to an Amazon SNS topic for the specified backup vault.

aws backup get-backup-vault-notifications --backup-vault-name myVault

The sample output is as follows:

{
  "SNSTopicArn": "arn:aws:sns:region:account-id:myBackupTopic",
  "BackupVaultEvents": [
    "RESTORE_JOB_STARTED",
    "RESTORE_JOB_COMPLETED",
    "RECOVERY_POINT_MODIFIED"
  ],
  "BackupVaultName": "myVault",
  "BackupVaultArn": "arn:aws:backup:region:account-id:backup-vault:myVault"
}

Example delete backup vault notification

The following command unsubscribes from an Amazon SNS topic for the specified backup vault.

aws backup delete-backup-vault-notifications --backup-vault-name myVault

Specifying Amazon Backup as a service principal

Note

To allow Amazon Backup to publish to SNS topics on your behalf, you must specify Amazon Backup as a service principal.

Include the following JSON in the access policy of the Amazon SNS topic that you use to track Amazon Backup events. You must specify the resource Amazon Resource Name (ARN) of your topic.

{
  "Sid": "My-statement-id",
  "Effect": "Allow",
  "Principal": {
    "Service": "backup.amazonaws.com"
  },
  "Action": "SNS:Publish",
  "Resource": "arn:aws:sns:region:account-id:myTopic"
}

For more information about specifying a service principal in an Amazon SNS access policy, see Allowing Any Amazon Resource to Publish to a Topic in the Amazon Simple Notification Service Developer Guide.

Note

If your topic is encrypted, you must include additional permissions in your policy to allow Amazon Backup to publish to it. For more information about enabling services to publish to encrypted topics, see Enable Compatibility between Event Sources from Amazon Services and Encrypted Topics in the Amazon Simple Notification Service Developer Guide.
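A pre-flight check that combines the limitations listed earlier (own account only, Standard topics only) with the service principal statement above can catch a misconfigured topic before notifications silently fail to arrive. This is an added example, not code from the original documentation: the function name check_topic, the problem strings, and the sample topic and policy are assumptions, and the check matches literal Action and Resource values only, not wildcards.

```python
import json

BACKUP_PRINCIPAL = "backup.amazonaws.com"

# Constructed sample policy wrapping the statement shown on the page.
SAMPLE_TOPIC = "arn:aws:sns:us-west-1:123456789012:myTopic"
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Sid": "My-statement-id",
    "Effect": "Allow",
    "Principal": {"Service": BACKUP_PRINCIPAL},
    "Action": "SNS:Publish",
    "Resource": SAMPLE_TOPIC,
}]})


def _as_list(value):
    """IAM JSON allows a scalar where a list is expected; normalise to a list."""
    return value if isinstance(value, list) else [value]


def check_topic(topic_arn, own_account_id, policy_json):
    """Return the problems that would stop Amazon Backup publishing to the topic."""
    parts = topic_arn.split(":")
    if len(parts) != 6 or parts[0] != "arn" or parts[2] != "sns":
        return ["not an SNS topic ARN"]
    problems = []
    if parts[4] != own_account_id:
        problems.append("cross-account topic")  # not supported by Amazon Backup
    if parts[5].endswith(".fifo"):
        problems.append("FIFO topic")  # only Standard topics are supported
    granted = False
    for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
        principal = stmt.get("Principal", {})
        services = _as_list(principal.get("Service", [])) if isinstance(principal, dict) else []
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]  # case-insensitive
        if (stmt.get("Effect") == "Allow" and BACKUP_PRINCIPAL in services
                and "sns:publish" in actions
                and topic_arn in _as_list(stmt.get("Resource", []))):
            granted = True
    if not granted:
        problems.append("no Allow for backup.amazonaws.com to SNS:Publish")
    return problems
```

An empty list means the topic ARN and access policy match what the page requires; it does not cover the extra permissions an encrypted topic needs.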