By using AWS re:Post, you agree to the AWS re:Post Terms of Use

The EBS snapshot policy does not create a tag from the instance

0

Hi, I have created EC2 instances id-1 and id-2, in which I have created Tags:

for: id-1 Name = Instance1, backup_daily = yes

for: id-2 Name = Instance2, backup_daily = yes.

I have created an EBS snapshot policy:

instance Target instances with these tags: backup_daily: yes. Copy tags from source = yes Variable tags: instance-id: $ (instance-id); timestamp: $ (timestamp)

Based on this lifecycle policy, a snapshop will be created for both instances.

In the case of instance id-2, snapshop tags are created: instance-id: $ (instance-id); timestamp: $ (timestamp) Name: Instance2

In the case of instance id-1, however, only it will be created in tags instance-id: $ (instance-id); timestamp: $ (timestamp). The name = Instance1 tag is not created.

Where there may be a problem that the name tag is not created in the snapshot even though I have a Name tag in the instance, the lifecycle has "Copy tags from source = yes" and the same snapshot policy a Name tag in one case and no in the other.

Where is the problem?

Regards

Eduard

asked 3 years ago417 views
1 Answer
0

Hello Eduard. Are you receiving any error messages for the lifecycle policy within Amazon CloudWatch Events or CloudTrail Events?

The following are common reasons that your lifecycle policy is in an error state, or fails to create or copy Amazon Elastic Block Store (Amazon EBS) snapshots:

  • The lifecycle policy isn't turned on.
  • There are incorrect permissions on the policy.
  • You're using an AWS Identity and Access Management (IAM) role other than the default AWSDataLifecycleManagerDefaultRole, and there are issues with trust relationships.
  • There are duplicate tags on the policy.
  • There are duplicate tags on the policy.
  • Your resources are encrypted.

Creating a snapshot lifecycle policy

When creating a snapshot lifecycle policy, to copy all of the user-defined tags from the source volume to the snapshots created by the schedule, select Copy tags from source. To specify additional tags to assign to snapshots created by this schedule, choose Add tags.

The lifecycle policy is in an error state

A lifecycle policy in the error state can be caused by one or more of these issues:

  • There is a problem with your resource tags.
  • The Amazon Data Lifecycle Manager permissions aren't correct.
  • The IAM permissions aren't correct.

In addition, if you're using a custom IAM role, a trust relationship might not be attached to the role.

View information about what caused the error state by checking Amazon CloudWatch Events. The following are common errors and resolutions:

Duplicate tag key

If there are duplicate tags in your lifecycle policy, then a CloudTrail Event similar to the following appears. In the following example, the tag key Name is duplicated in the policy.

CreateSnapshot @2018-12-24T20:25:58.000Z UTC"errorCode": "Client.InvalidParameterValue",
 "errorMessage": "Duplicate tag key 'Name' specified.", 
    "requestParameters": {
        "volumeId": "vol-xxxxxxxxxxxx",
        "description": "Created for policy: policy-xxxxschedule: First Schedule",
  1. Open the Amazon EC2 console.
  2. Select Lifecycle Manager.
  3. Select your lifecycle policy, and then choose Actions, Modify Lifecycle Policy.
  4. In the Tag created EBS snapshots section, change the Key on the duplicated tag to a unique name.
  5. Select Update policy.

Tag (Name) is already defined in resource id vol-xxxxxxxxxxxx

If a tag that's defined in your lifecycle policy is already in use in a different lifecycle policy, then you might have an issue if:

  1. The lifecycle policy is in the same account, and
  2. The lifecycle policy is for the same resource.

In this case, a CloudTrail Event similar to the following appears:

CreateSnapshots---------------------------------------------------------------------------------
    "eventVersion": "1.05",
    "userIdentity": {
        "type": "AssumedRole",
   "eventTime": "2020-01-xxxxxxxx",
    "eventSource": "ec2.amazonaws.com",
    "eventName": "CreateSnapshots",
    "awsRegion": "us-east-1",
    "sourceIPAddress": "dlm.amazonaws.com",
    "userAgent": "dlm.amazonaws.com",
    "errorCode": "Client.InvalidParameterCombination",
    "errorMessage": "Tag (Name) is already defined in resource id vol-xxxxxxxx.",
    "requestParameters": {
"requestParameters": {
        "CreateSnapshotsRequest": {
            "Description": "Created for policy: policy-xxxxxxxschedule: Default Schedule",
            "InstanceSpecification": {
                "ExcludeBootVolume": false,
                "InstanceId": "i-xxxxxxx"
            },

A volume or instance can have more than one policy associated with it, but tags can't be duplicated across policies. For more information, see Considerations for Amazon Data Lifecycle Manager.

To correct this error, do the following:

  1. View your lifecycle policies to determine which tag is duplicated.
  2. Create a new lifecycle policy using a different tag, or edit your current lifecycle policy to use a different tag.

Client.AuthFailure

The "Client.AuthFailure" error might occur if the custom lifecycle policy or the IAM user don't have permissions set correctly. The following is an example of a Client.AuthFailure caused by an inaccessible key:

"Client.AuthFailure","errorMessage": "The specified keyId
arn:aws:kms:us-west-1:xxxxxxxxxxxxx:key/4ad6a1d7-53ac-45a3-8f08-e6eccc948fdd is not accessible",

For instructions on setting permissions for Amazon Data Lifecycle Manager, see Permissions for Amazon Data Lifecycle Manager.

For instructions on setting permissions for IAM users to use Amazon Data Lifecycle Manager, see Permissions for IAM users.

Please refer to the following documentation for additional information: https://repost.aws/knowledge-center/troubleshoot-data-lifecycle-manager-ebs.

AWS
answered a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions