AWS Backup jobs for EFS file systems are empty
I have a backup plan:
{
"BackupPlan": {
"BackupPlanName": "prometheus_dev",
"Rules": [
{
"RuleName": "prometheus_dev",
"TargetBackupVaultName": "prometheus_eu_central_1_dev",
"ScheduleExpression": "cron(15 * ? * * *)",
"StartWindowMinutes": 60,
"CompletionWindowMinutes": 180,
"Lifecycle": {
"DeleteAfterDays": 7
},
"RuleId": "ffcd7e8c-9b14-4e2b-89f0-d8cbe5b5ae25",
"CopyActions": [
{
"Lifecycle": {
"DeleteAfterDays": 7
},
"DestinationBackupVaultArn": "arn:aws:backup:eu-west-1:614797193252:backup-vault:prometheus_backup_eu_west_1_dev"
}
],
"EnableContinuousBackup": false
}
]
},
"BackupPlanId": "830e8bb0-e3c6-4a96-8fe9-45a3ab97de40",
"BackupPlanArn": "arn:aws:backup:eu-central-1:614797193252:backup-plan:830e8bb0-e3c6-4a96-8fe9-45a3ab97de40",
"VersionId": "YzUxMjhkODgtZTc0MC00NDA1LWEwYzktNmE4NDFhMDE5MTA4",
"CreationDate": "2023-10-13T13:42:22.048000+02:00",
"LastExecutionDate": "2023-10-20T11:16:48.451000+02:00"
}
The file system is protected:
{
"ResourceArn": "arn:aws:elasticfilesystem:eu-central-1:614797193252:file-system/fs-0318e5506f10caf1e",
"ResourceType": "EFS",
"LastBackupTime": "2023-10-20T11:22:48.159000+02:00",
"ResourceName": "prometheus_dev"
}
And backups are taken hourly:
// ...
{
"AccountId": "614797193252",
"BackupJobId": "06178992-5DF7-17BA-1E38-C969357B644A",
"BackupVaultName": "prometheus_eu_central_1_dev",
"BackupVaultArn": "arn:aws:backup:eu-central-1:614797193252:backup-vault:prometheus_eu_central_1_dev",
"RecoveryPointArn": "arn:aws:backup:eu-central-1:614797193252:recovery-point:58cb7957-5b0c-4038-a579-af78aadbc506",
"ResourceArn": "arn:aws:elasticfilesystem:eu-central-1:614797193252:file-system/fs-0318e5506f10caf1e",
"CreationDate": "2023-10-20T08:15:00+02:00",
"CompletionDate": "2023-10-20T08:25:07.003000+02:00",
"State": "COMPLETED",
"PercentDone": "100.0",
"BackupSizeInBytes": 0,
"IamRoleArn": "arn:aws:iam::614797193252:role/prometheus_backup_dev",
"CreatedBy": {
"BackupPlanId": "830e8bb0-e3c6-4a96-8fe9-45a3ab97de40",
"BackupPlanArn": "arn:aws:backup:eu-central-1:614797193252:backup-plan:830e8bb0-e3c6-4a96-8fe9-45a3ab97de40",
"BackupPlanVersion": "YzUxMjhkODgtZTc0MC00NDA1LWEwYzktNmE4NDFhMDE5MTA4",
"BackupRuleId": "ffcd7e8c-9b14-4e2b-89f0-d8cbe5b5ae25"
},
"StartBy": "2023-10-20T09:15:00+02:00",
"ResourceType": "EFS",
"IsParent": false,
"ResourceName": "prometheus_dev"
},
{
"AccountId": "614797193252",
"BackupJobId": "DE456E1F-1A49-4A36-507A-32646DD0AE85",
"BackupVaultName": "prometheus_eu_central_1_dev",
"BackupVaultArn": "arn:aws:backup:eu-central-1:614797193252:backup-vault:prometheus_eu_central_1_dev",
"RecoveryPointArn": "arn:aws:backup:eu-central-1:614797193252:recovery-point:998837d7-e0c8-4505-9d4f-ff19ca1f69c7",
"ResourceArn": "arn:aws:elasticfilesystem:eu-central-1:614797193252:file-system/fs-0318e5506f10caf1e",
"CreationDate": "2023-10-20T07:15:00+02:00",
"CompletionDate": "2023-10-20T07:25:52.381000+02:00",
"State": "COMPLETED",
"PercentDone": "100.0",
"BackupSizeInBytes": 0,
"IamRoleArn": "arn:aws:iam::614797193252:role/prometheus_backup_dev",
"CreatedBy": {
"BackupPlanId": "830e8bb0-e3c6-4a96-8fe9-45a3ab97de40",
"BackupPlanArn": "arn:aws:backup:eu-central-1:614797193252:backup-plan:830e8bb0-e3c6-4a96-8fe9-45a3ab97de40",
"BackupPlanVersion": "YzUxMjhkODgtZTc0MC00NDA1LWEwYzktNmE4NDFhMDE5MTA4",
"BackupRuleId": "ffcd7e8c-9b14-4e2b-89f0-d8cbe5b5ae25"
},
"StartBy": "2023-10-20T08:15:00+02:00",
"ResourceType": "EFS",
"IsParent": false,
"ResourceName": "prometheus_dev"
},
// ...
The problem is that ALL recovery points are empty, even if the file system is not:
{
// ...
"SizeInBytes": {
"Value": 67465216,
"Timestamp": "2023-10-20T10:41:44+02:00",
"ValueInIA": 0,
"ValueInStandard": 67465216
}
// ...
}
I've also tried to start a backup job:
aws backup start-backup-job \
--backup-vault-name prometheus_eu_central_1_dev \
--resource-arn arn:aws:elasticfilesystem:eu-central-1:614797193252:file-system/fs-0318e5506f10caf1e \
--iam-role-arn arn:aws:iam::614797193252:role/prometheus_backup_dev
Which produced the following response:
{
"BackupJobId": "7a010939-11cd-4d6f-bf2e-bbec0fc50452",
"RecoveryPointArn": "arn:aws:backup:eu-central-1:614797193252:recovery-point:ac338f60-9a4e-4c24-817e-2e0e15a72d03",
"CreationDate": "2023-10-20T11:22:48.159000+02:00",
"IsParent": false
}
But again the backup is empty:
{
"AccountId": "614797193252",
"BackupJobId": "7a010939-11cd-4d6f-bf2e-bbec0fc50452",
"BackupVaultName": "prometheus_eu_central_1_dev",
"BackupVaultArn": "arn:aws:backup:eu-central-1:614797193252:backup-vault:prometheus_eu_central_1_dev",
"RecoveryPointArn": "arn:aws:backup:eu-central-1:614797193252:recovery-point:ac338f60-9a4e-4c24-817e-2e0e15a72d03",
"ResourceArn": "arn:aws:elasticfilesystem:eu-central-1:614797193252:file-system/fs-0318e5506f10caf1e",
"CreationDate": "2023-10-20T11:22:48.159000+02:00",
"CompletionDate": "2023-10-20T11:22:55.105000+02:00",
"State": "COMPLETED",
"PercentDone": "100.0",
"BackupSizeInBytes": 0,
"IamRoleArn": "arn:aws:iam::614797193252:role/prometheus_backup_dev",
"ResourceType": "EFS",
"BytesTransferred": 0,
"StartBy": "2023-10-20T19:22:48.159000+02:00",
"IsParent": false,
"ResourceName": "prometheus_dev"
}
Why are these backups empty? How can i further debug this?
I see no errors anywhere, and the role used has the necessary permissions, since it's using AWS managed policy.
EDIT:
- After @Tsal Troser, I noticed I forgot to mention that the reason I discovered that EFS backups, for some reason, are not working, is exactly because I tried to use a recovery point to create a new EFS. The EFS is created, but it is empty.
- The same can't be said for RDS recovery points. Although describing a backup also shows a
BackupSizeInBytesas0, creating an instance from the recovery point provisions an instance with data as expected.
EDIT 2:
- Data is restored but to a backup folder, not to the original location. See answer below or https://docs.aws.amazon.com/aws-backup/latest/devguide/restoring-efs.html
Solution
Because AWS Backup perform incremental backups. The initial backup will be a full backup then the following, even the on-demand backup, will be an incremental backup.
AWS Backup performs incremental backups of EFS file systems. During the initial backup, a copy of the entire file system is made. During subsequent backups of that file system, only files and directories that have been changed, added, or removed are copied. https://docs.aws.amazon.com/efs/latest/ug/awsbackup.html#incremental-backup
"BackupSizeInBytes": 0,
This just mean that from the last recovery point/backup to the next, there wasn't any change.
I checked my backups as well and I got the same. But that's because I'm not actively using my EFS.
{
> aws backup describe-recovery-point --backup-vault-name myEfsVault --recovery-point-arn <recoveryPointArn>
...
"Status": "COMPLETED",
"CreationDate": "2023-10-20T07:00:00+02:00",
"CompletionDate": "2023-10-20T09:15:48.157000+02:00",
"BackupSizeInBytes": 0,
...
}
Here's what you can do to confirm your backup integrity:
- Perform a full restore and check if your files are there. You can cross check with the original.
- Upload a large file in your EFS then perform an on-demand backup then check the backup job/recovery point details.
Bonus
Here's an AWS recommendation for performing data recovery validation with AWS Backup.
https://aws.amazon.com/blogs/storage/automate-data-recovery-validation-with-aws-backup/
Edit
Backup testing
New Initial Backup
}
...
"Status": "COMPLETED",
"CreationDate": "2023-10-20T14:54:57.001000+02:00",
"CompletionDate": "2023-10-20T14:55:07.614000+02:00",
"BackupSizeInBytes": 1199258039,
...
}
Followup on-demand backup:
{
...
"Status": "COMPLETED",
"CreationDate": "2023-10-20T14:57:43.050000+02:00",
"CompletionDate": "2023-10-20T14:57:50.314000+02:00",
"BackupSizeInBytes": 0,
...
}
Restore test:
Restore job:
Restored EFS and Original EFS (Original names redacted):
Create Mount Targets (Select subnet, SG, AZ)
Mount restored FS and check contents:
[root@test-server ~]# mkdir /efs-restore
[root@test-server ~]# mount -t nfs4 -o nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,noresvport,mountport=2049 10.10.10.113:/ /efs-restore
[root@test-server efs-restore]# df -h /efs-restore
Filesystem Size Used Avail Use% Mounted on
10.10.10.113:/ 8.0E 0 8.0E 0% /efs-restore
[root@test-server efs-restore]# ll /efs-restore
drwxrwxr-x 4 root root 6144 Aug 14 12:39 aws-backup-restore_2023-10-20T13-00-49-858648977Z
[root@test-server efs-restore]# ll /efs-restore/aws-backup-restore_2023-10-20T13-00-49-858648977Z/
drw--w---- 2 root root 6144 Oct 20 15:00 aws-backup-lost+found_2023-10-20T13-00-32-067742883Z
drwxrwxr-x 3 ec2-user ec2-user 6144 Aug 1 11:38 logs # <-- my application logs
[root@test-server efs-restore]# ll /efs-restore/aws-backup-restore_2023-10-20T13-00-49-858648977Z/logs/path/to/my/application/
total 100
drwxr-xr-x 3 ec2-user ec2-user 6144 Oct 12 14:55 ip-10-10-4-123
drwxr-xr-x 3 ec2-user ec2-user 6144 Oct 12 17:55 ip-10-10-4-127
drwxrwxr-x 3 ec2-user ec2-user 6144 Sep 11 16:50 ip-10-10-4-151
drwxr-xr-x 3 ec2-user ec2-user 6144 Oct 11 09:28 ip-10-10-4-160
Restore test 2:
Deleted the initial backup full backup to simulate the retention period. Then performed another restore, everything is still there.
- AWS CLI Create Default VPC
- Email address is not verified (AWS SES)
- RDS Proxy: PENDING_PROXY_CAPACITY and "DBProxy Target unavailable due to an internal error"
- mTLS on AWS ALBs across multiple regions
- How to debug a aws lambda function?
- AWS SAM retrieve secret value from Secret Manager with dynamic referencing
- Cloudfront redirect when signed cookies not present
- Is there a wildcard character in AWS EventBridge rules?
- Laravel file upload s3 Multipart
- Increase EC2 disk storage without losing any data
- AWS Lambda triggers SES in VPC
- Setting HTTP Headers with Lambda@Edge
- How to find an Amazon EC2 AMI if I only have the id?
- AWS Lambda - Can't set memory larger than 3008 MB
- Which one is the cheapest to use AWS RDS or my own database?
- AWS Glue Please verify role's TrustPolicy
- How to create event bus events with source 'aws.'?
- Terraform and AWS: No Configuration Files Found Error
- How to transfer the packets through NAT gateway instead of public IP?
- Is Aws well architected framework supports API's?
- Can't delete AWS internet Gateway
- Unable to Trigger Lambda function in AWS using Python code from my local setup
- How to login with AWS CLI using credentials profiles
- How to retrieve multiple endpoints using data "aws_vpc_endpoint" resource?
- When pushing to ECS, Docker image errors out with module not found error
- Is there a way to drop file extensions when using AWS CLI with --recursive?
- On-demand self-hosted AWS EC2 runner for GitHub Actions
- How to manage dev and prod environments in a SAM project with CloudFormation Stacks, API Gateway, Lambda, and other AWS services?
- EC2 Instance error telling me multiple IAM Roles are attached when I try to change it...?
- (NoSuchVersion) when calling the GetObject operation: The specified version does not exist