Automate AWS EC2 Backups to S3 Using Lambda – Step-by-Step Guide
Raise your hand if you’ve ever lost sleep worrying about forgetting to back up your EC2 instance. Let’s fix that with automated AWS backups that work while you sleep!
🚀 Why Automate Backups?
- 🚨 Disaster Avoidance: Survive “Oops, I deleted the wrong thing” moments
- ⏰ Reclaim Your Time: No more 2 AM manual backups
- 📉 Cost Control: S3 + auto-delete = budget-friendly
- 🔒 Audit-Ready: Proof of backups without spreadsheet chaos
🛠️ What You’ll Need
- AWS account (Free Tier works!)
- One EC2 instance you care about
- 10 minutes and coffee ☕
🔧 Step-by-Step Setup
Step 1: Create Your S3 Backup Vault
- Go to S3 Console
- Click Create bucket
- Name: ec2-backup-vault-[your-initials]
- Keep Block Public Access ENABLED
- Click Create bucket
Step 2: Create IAM Role
- Go to IAM Roles
- Create role → Choose Lambda
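- Attach policies (these grant far more than the function uses; the Secure IAM Policy section below lists the narrower permissions):
  - AmazonEC2FullAccess
  - AmazonS3FullAccess
- Name: LambdaBackupMaster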
Step 3: Create Lambda Function
import boto3
from datetime import datetime

ec2 = boto3.client('ec2')
s3 = boto3.client('s3')

def lambda_handler(event, context):
    instance_id = 'i-0123456789abcdef0'  # ← Replace!
    volume_id = 'vol-0123456789abcdef0'  # ← Replace!

    # Start an EBS snapshot of the volume. The call returns as soon as the
    # snapshot is requested, before the snapshot has completed.
    snapshot = ec2.create_snapshot(
        VolumeId=volume_id,
        Description=f"Autobackup {instance_id} - {datetime.utcnow().strftime('%Y-%m-%d')}"
    )

    # Write a log record of the snapshot request to the backup bucket.
    s3.put_object(
        Bucket='ec2-backup-vault-[your-initials]',  # ← Your bucket name
        Key=f'backup-log/{instance_id}-{datetime.utcnow().isoformat()}.txt',
        Body=f"Backup created at {datetime.utcnow()}:\n{str(snapshot)}"
    )
    return {'status': '💪 Backup successful. Go enjoy your day.'}
Step 4: Schedule Daily Backups
- In Lambda, click Add trigger
- Choose EventBridge (CloudWatch Events)
- Create new rule: DailyBackupAlarm
- Schedule: rate(1 day)
Step 5: Auto-Delete Old Backups (Optional)
- Go to S3 bucket → Management
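- Create lifecycle rule: 30-DayCleanup
- Set expiration: 30 days
Note: this rule expires only the log files the Lambda writes to the bucket. The EBS snapshots are not objects in your bucket, so they stay until you delete them in EC2.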
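A matching 30-day retention pass for the snapshots themselves, as an added example that is not part of the original guide: it selects completed snapshots whose description starts with the "Autobackup" prefix from Step 3 and always keeps the newest one per volume. The names expired_snapshots and keep_latest and the sample data are assumptions made for this sketch, and the role running it would need ec2:DescribeSnapshots and ec2:DeleteSnapshot, which the policy in this guide does not include.

```python
from datetime import datetime, timedelta, timezone

PREFIX = "Autobackup "   # Description prefix written by the Step 3 function
RETENTION_DAYS = 30      # same window as the S3 lifecycle rule

def expired_snapshots(snapshots, now, keep_latest=1):
    """Pick completed Autobackup snapshots older than the retention window.

    `snapshots` has the shape of ec2.describe_snapshots()["Snapshots"].
    The newest `keep_latest` per volume are never returned, so a stalled
    schedule cannot cause the last good backup to be deleted.
    """
    cutoff = now - timedelta(days=RETENTION_DAYS)
    by_volume = {}
    for s in snapshots:
        if s.get("Description", "").startswith(PREFIX) and s["State"] == "completed":
            by_volume.setdefault(s["VolumeId"], []).append(s)
    expired = []
    for snaps in by_volume.values():
        snaps.sort(key=lambda s: s["StartTime"], reverse=True)
        expired += [s["SnapshotId"] for s in snaps[keep_latest:]
                    if s["StartTime"] < cutoff]
    return sorted(expired)

def lambda_handler(event, context):
    import boto3  # imported here so the selection logic can be tested offline
    ec2 = boto3.client("ec2")
    pages = ec2.get_paginator("describe_snapshots").paginate(OwnerIds=["self"])
    doomed = expired_snapshots(
        [s for page in pages for s in page["Snapshots"]],
        datetime.now(timezone.utc))
    for snapshot_id in doomed:
        ec2.delete_snapshot(SnapshotId=snapshot_id)
    return {"deleted": doomed}

def _snap(sid, vol, desc, state, month, day):
    return {"SnapshotId": sid, "VolumeId": vol, "Description": desc,
            "State": state, "StartTime": datetime(2024, month, day, tzinfo=timezone.utc)}

# Constructed sample data (placeholder IDs), not output from a real account.
NOW = datetime(2024, 6, 30, tzinfo=timezone.utc)
SAMPLE = [
    _snap("snap-old", "vol-a", "Autobackup i-a - 2024-05-01", "completed", 5, 1),
    _snap("snap-new", "vol-a", "Autobackup i-a - 2024-06-29", "completed", 6, 29),
    _snap("snap-pending", "vol-a", "Autobackup i-a - 2024-05-02", "pending", 5, 2),
    _snap("snap-manual", "vol-a", "manual pre-upgrade", "completed", 1, 1),
    _snap("snap-only", "vol-b", "Autobackup i-b - 2024-04-01", "completed", 4, 1),
]
```

Manually created snapshots and snapshots still in progress are never selected, because only completed snapshots carrying the Autobackup prefix are considered.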
🔒 Secure IAM Policy (Bonus)
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "SnapshotCreateAndS3Log",
      "Effect": "Allow",
      "Action": [
        "ec2:CreateSnapshot",
        "ec2:DescribeVolumes"
      ],
      "Resource": "*"
    },
    {
      "Sid": "WriteToSpecificBucket",
      "Effect": "Allow",
      "Action": "s3:PutObject",
      "Resource": "arn:aws:s3:::ec2-backup-vault-[your-initials]/*"
    }
  ]
}
🎉 You’re Done! Now:
- Test your Lambda function
- Check S3 for backup logs
- Verify EC2 snapshots