Introduction
This document provides a step-by-step guide on how to set up notifications for AWS Backup jobs using Amazon SNS (Simple Notification Service) and Amazon SQS (Simple Queue Service). By following these instructions, you can receive alerts for failed backup jobs via email and SQS, ensuring that you stay informed about the status of your backup operations.
Create an SNS Topic in AWS
- Sign in to the AWS Management Console.
- Navigate to the Amazon SNS dashboard.
- Click on Topics in the navigation panel.
- Click on Create topic.
- Choose Standard as the topic type.
- Enter Events as the topic name.
- Optionally, enter Events Display as the display name.
- Click Create topic to create the topic.
- Make sure the access policy of the created topic includes the following permissions.
{
  "Sid": "AWSEvents_RULE-NAME_IdRANDOM-NUMBER-STRING",
  "Effect": "Allow",
  "Principal": {
    "Service": "events.amazonaws.com"
  },
  "Action": "sns:Publish",
  "Resource": "SNS-TOPIC-ARN"
}
Create an Amazon SQS Standard Queue
- Open the Amazon SQS console at https://console.aws.amazon.com/sqs/.
- Choose Create queue.
- For Type, the Standard queue type is set by default.
- Enter a Name for your queue.
- Choose Encryption Enabled:
  - Encryption key type: Amazon SQS key (SSE-SQS).
- Choose Access policy Basic:
  - Define who can send messages to the queue: Only the queue owner.
  - Define who can receive messages from the queue: Only the queue owner.
- Click Create queue.
- Make sure the access policy of the created queue includes the following permissions.
{
  "Version": "2012-10-17",
  "Id": "Policy1743159160686",
  "Statement": [
    {
      "Sid": "AWSEvents_RULE-NAME_IdRANDOM-NUMBER-STRING",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::111111111111:root"
      },
      "Action": [
        "sqs:DeleteMessage",
        "sqs:GetQueueAttributes",
        "sqs:ReceiveMessage",
        "sqs:SendMessage"
      ],
      "Resource": "arn:aws:sqs:us-east-1:111111111111:examplequeue"
    },
    {
      "Sid": "AWSEvents_RULE-NAME_IdRANDOM-NUMBER-STRING",
      "Effect": "Allow",
      "Principal": {
        "AWS": "*"
      },
      "Action": "SQS:SendMessage",
      "Resource": "arn:aws:sqs:us-east-1:111111111111:examplequeue",
      "Condition": {
        "ArnLike": {
          "aws:SourceArn": "arn:aws:sns:us-east-1:111111111111:exampletopic"
        }
      }
    }
  ]
}
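The second statement in the queue policy above grants SQS:SendMessage to every principal and relies on the aws:SourceArn condition to limit delivery to the one topic. The following check, added here as an example and not part of the original guide, flags Allow statements with a wildcard principal that lack such a condition; the function names and the sns-delivery Sid are assumptions made for the example.

```python
# Operators and keys that pin a wildcard-principal grant to a known source.
GUARD_OPERATORS = {"arnlike", "arnequals", "stringequals", "stringlike"}
GUARD_KEYS = {"aws:sourcearn", "aws:sourceaccount"}


def is_wildcard(principal):
    """True when the Principal element matches any AWS principal."""
    if isinstance(principal, dict):
        principal = principal.get("AWS", [])
    return "*" in ([principal] if isinstance(principal, str) else principal or [])


def has_source_guard(condition):
    """True when a positive operator restricts aws:SourceArn or aws:SourceAccount."""
    for operator, tests in (condition or {}).items():
        if operator.lower() not in GUARD_OPERATORS:
            continue  # negated and ...IfExists forms do not pin the source
        for key, value in tests.items():
            values = [value] if isinstance(value, str) else value
            if key.lower() in GUARD_KEYS and values and "*" not in values:
                return True
    return False


def audit_queue_policy(policy):
    """Return the Sids (or indexes) of Allow statements open to any principal."""
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be a bare object
        statements = [statements]
    findings = []
    for index, stmt in enumerate(statements):
        open_grant = stmt.get("Effect") == "Allow" and is_wildcard(stmt.get("Principal"))
        if open_grant and not has_source_guard(stmt.get("Condition")):
            findings.append(stmt.get("Sid", f"statement[{index}]"))
    return findings


# Constructed sample: the SNS-delivery statement from the queue policy above.
GUARDED = {"Version": "2012-10-17", "Statement": [{
    "Sid": "sns-delivery",  # constructed Sid, not from the guide
    "Effect": "Allow", "Principal": {"AWS": "*"}, "Action": "SQS:SendMessage",
    "Resource": "arn:aws:sqs:us-east-1:111111111111:examplequeue",
    "Condition": {"ArnLike": {
        "aws:SourceArn": "arn:aws:sns:us-east-1:111111111111:exampletopic"}}}]}

if __name__ == "__main__":
    print(audit_queue_policy(GUARDED))  # []
```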
Create an Amazon SNS Subscription
To receive notifications for failed backup jobs, follow these steps:
- In the left navigation pane, choose Subscriptions.
- On the Subscriptions page, choose Create subscription.
- For Topic ARN, select the SNS topic you created.
- For Protocol, choose Amazon SQS.
- For Endpoint, select the SQS Queue.
- Choose Create subscription.
Create a Rule in Amazon EventBridge
Amazon EventBridge enables you to respond to events from AWS services and your own applications in real time. By creating a rule in Amazon EventBridge, you can define specific conditions to match incoming events and route them to designated targets.
See Getting started with Amazon EventBridge for detailed step-by-step instructions.
Test AWS Backup Job Event
To test alerts for failed AWS Backup jobs:
- Open the AWS Backup console at https://console.aws.amazon.com/backup.
- On the Dashboard, choose Create an on-demand backup or navigate to Protected Resources and select Create an on-demand backup.
- On the Create on-demand backup page, select the resource type you want to back up (for example, EC2 for instance backup).
- Choose the name or Instance ID of the resource you want to protect (for example, Test VM (Instance ID)).
- Ensure that Create Backup Now is selected to initiate a backup immediately.
- Choose an Expire value.
- Choose an existing Backup vault or create a new one.
- Under the IAM role, choose Default.
- Optionally, assign tags to your on-demand backup by entering a Key and optional Value, then select Add tag.
- Click Create on-demand backup. This will take you to the Jobs page.
- From the list of jobs created, select a running job and stop it.
- You will receive an alert for the stopped backup job.