Automatically Backup your EC2 Instances using AWS Backups & Terraform

AWS and Terraform


What we’ll do

  • We’ll automatically create scheduled Image backups of an EC2 instance
  • We’ll also set a lifecycle policy on the backups so they’re automatically deleted after a 1 week retention
  • We’ll create the entire infrastructure (including a target EC2 instance to backup) in Terraform so that it’s easy to maintain in future


  • Basic knowledge of Terraform
  • Basic working knowledge of AWS (or another cloud provider)
  • And as always, an open mind :)
  • Terraform
  • An AWS account and AWS CLI
  • Your favourite IDE or a Text Editor


$ terraform --version
Terraform v0.13.3
$ aws configure
$ aws sts get-caller-identity
"Account": "123456789012",
"UserId": "AR#####:#####",
"Arn": "arn:aws:sts::123456789012:assumed-role/role-name/role-session-name"


terraform {
required_version = "~> 0.13.0"

required_providers {
aws = "~> 3.0"
$ cd ~/examples/aws-backups-terraform
$ terraform init
Initializing the backend...
Initializing provider plugins...
- Finding hashicorp/aws versions matching "~> 3.0"...
- Installing hashicorp/aws v3.21.0...
- Installed hashicorp/aws v3.21.0 (signed by HashiCorp)
Terraform has been successfully initialized!
"project": "backups-example",
"region": "us-east-1",
"profile": "default",
"public_key": "<YOUR_PUBLIC_KEY>",
"attach_public_ip": false
$ terraform plan
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.
------------------------------------------------------------------------An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:# aws_instance.example-server will be created
+ resource "aws_instance" "example-server" {
+ ami = "ami-0be3f0371736d5394"
Plan: 2 to add, 0 to change, 0 to destroy
$ terraform applyAn execution plan has been generated and is shown below
Plan: 2 to add, 0 to change, 0 to destroy.Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value:

IAM Roles and Policies

Backup Resources

  • We’re first creating a Backup Vault — this will store all our backups and allows you to search, restore, delete or copy them to a different region. It’s basically a management dashboard for your backups
  • Next we create a Backup Plan — this is where we specify the schedule, retention time, target vault and some other metadata for the backups. It’s a good idea to tag your backups so they’re easy to filter later on. The backup schedule is specified in cron format and the backups are automatically deleted once the retention period passes. Note however, that there can be a slight delay after the retention period has been exceeded for the deletion to occur and it doesn’t happen
  • Finally we create a Backup Selection — this is where you select the resources you want to backup and associate the previous Backup Plan to them. We’re targeting all resources with the Backup tag set to true. Note that the type of Backup changes based on the target resource. Since we’re targeting an EC2 instance an AMI Backup will be created. If we were to target a disk instead, a Snapshot would be created

Verify the Backups and Cleanup

$ terraform destroy




Backend developer @ Akatsuki Games

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store