Get all AWS Backup protected resources across all profiles and regions
In this blog, I will share one way to get all AWS Backup protected resources across all profiles and regions. Additionally, I will show how to query the backed-up EC2 state and the Backup tag.
Other blogs I wrote that may interest you:
- Get all AWS EC2 instances across all profiles and regions
- Get all AWS Backup recovery points grouped by resource name across all profiles and regions
Introduction
AWS Backup is a fully managed service that makes it easy to centralize and automate data protection across AWS services, in the cloud, and on premises.
Would you like to know which resources are protected by AWS Backup across all profiles and regions?
In this blog I will share one way to get all AWS Backup protected resources across all profiles and regions, and to query the backed-up EC2 state and Backup tag.
Prerequisites
To run the AWS Backup and the EC2 commands in this blog, you need to:
- Install and configure AWS Tools for PowerShell.
- Log in to all required AWS accounts/profiles.
- Set your IAM permissions to allow for AWS Backup and Amazon EC2 access.
PowerShell Cmdlets
This is a list of PowerShell cmdlets we will use.
- Get-AWSCredential: Returns an AWSCredentials object initialized from either credentials currently set as default in the shell or saved and associated with the supplied name from the local credential store.
- Get-BAKProtectedResourceList: Returns an array of resources successfully backed up by Backup, including the time the resource was saved, an Amazon Resource Name (ARN) of the resource, and a resource type.
- Get-Culture: Gets the current culture set in the operating system.
- Get-EC2Instance: Describes the specified instances or all instances.
- Get-EC2Region: Describes the Regions that are enabled for your account, or all Regions.
- Set-AWSCredential: Saves AWS credentials to persistent store (-StoreAs) or temporarily for the shell using shell variable $StoredAWSCredentials.
- Set-DefaultAWSRegion: Sets a default AWS region into the shell environment, accessible as $StoredAWSRegion.
List Protected Resources
First, we will get a list of protected resources using Get-BAKProtectedResourceList. The cmdlet returns LastBackupTime, ResourceArn, ResourceName and ResourceType. To prepare for the next steps, we will use a collection to save the returned list.
```powershell
# Initialize output.
$ProtectedResources = [System.Collections.ArrayList]::new()

# Get resources successfully backed up by Backup.
$ProtectedResourceList = Get-BAKProtectedResourceList

# If there are resources backed up, continue.
If ($ProtectedResourceList) {
    # Save each resource backup information.
    # For each backed up resource:
    $ProtectedResources += $ProtectedResourceList | ForEach-Object {
        [PSCustomObject]@{
            ResourceName   = $_.ResourceName
            LastBackupTime = $_.LastBackupTime
            ResourceType   = $_.ResourceType
            ResourceArn    = $_.ResourceArn
        } # [PSCustomObject]@{
    } # ForEach-Object {
} # If ($ProtectedResourceList) {

# Display output
$ProtectedResources
```

```
ResourceName LastBackupTime        ResourceType ResourceArn
------------ --------------        ------------ -----------
DEV-Server1  11/17/2023 7:00:00 AM EC2          arn:aws:ec2:us-east-1:999999999999:instance/i-999999999999509a1
DEV-Server2  11/17/2023 7:00:00 AM EC2          arn:aws:ec2:us-east-1:999999999999:instance/i-999999999999f9842
DEV-Server3  7/2/2023 7:00:00 AM   EC2          arn:aws:ec2:us-east-1:999999999999:instance/i-9999999999993f4c3
```
Get Backed up EC2 Information
Second, for each backed-up EC2 instance, we would like to query the instance state and Backup tag. To do that, we query the EC2 information using Get-EC2Instance. We use $EC2.State.Name to get the EC2 state and $EC2.Tags to get the Backup tag value.
```powershell
# Initialize output.
$ProtectedResources = [System.Collections.ArrayList]::new()

# Get resources successfully backed up by Backup.
$ProtectedResourceList = Get-BAKProtectedResourceList

# If there are resources backed up, continue.
If ($ProtectedResourceList) {
    # Get all instances. (https://docs.aws.amazon.com/powershell/latest/reference/items/Get-EC2Instance.html)
    $EC2s = (Get-EC2Instance).Instances

    # Save each resource backup information.
    # For each backed up resource:
    $ProtectedResources += $ProtectedResourceList | ForEach-Object {
        # Calculate InstanceId from ResourceArn (assumes an EC2 instance ARN of the form .../instance/i-...).
        $InstanceId = $_.ResourceArn.Split("/")[1]

        # Get corresponding EC2.
        $EC2 = $EC2s | Where-Object {$_.InstanceId -eq $InstanceId}

        # Get backed up resource state.
        $State = If ($EC2) { $EC2.State.Name } Else { "Does not exist" }

        [PSCustomObject]@{
            ResourceName   = $_.ResourceName
            InstanceId     = $InstanceId
            LastBackupTime = $_.LastBackupTime
            ResourceType   = $_.ResourceType
            State          = (Get-Culture).TextInfo.ToTitleCase($State)
            BackupTag      = If ($EC2) { ($EC2 | Select-Object -ExpandProperty tags | Where-Object -Property Key -eq Backup).value } Else { "" }
        } # [PSCustomObject]@{
    } # ForEach-Object {
} # If ($ProtectedResourceList) {

# Display output
$ProtectedResources | Format-Table
```

```
ResourceName InstanceId          LastBackupTime        ResourceType State          BackupTag
------------ ----------          --------------        ------------ -----          ---------
DEV-Server1  i-999999999999509a1 11/17/2023 7:00:00 AM EC2          Running        Excluded
DEV-Server2  i-999999999999f9842 11/17/2023 7:00:00 AM EC2          Stopped
DEV-Server3  i-9999999999993f4c3 7/2/2023 7:00:00 AM   EC2          Does Not Exist
```
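The script takes the instance ID from `ResourceArn.Split("/")[1]`, which is only meaningful for EC2 instance ARNs, while Get-BAKProtectedResourceList also returns other resource types whose ARNs use `type/id`, `type:id` or a bare name. The following is an added example, not part of the original post: a hypothetical helper, `ConvertFrom-ResourceArn`, that parses an ARN by its documented layout and returns an instance ID only for EC2 instances. The sample ARNs are constructed.

```powershell
# Added example (hypothetical helper, not from the original post).
function ConvertFrom-ResourceArn {
    param([Parameter(Mandatory)][string]$Arn)

    # Layout: arn:partition:service:region:account-id:resource
    # The resource part may itself contain ':' or '/', so split into at most 6 fields.
    $Parts = $Arn -split ':', 6
    If ($Parts.Count -ne 6 -or $Parts[0] -ne 'arn') {
        Throw "Not a valid ARN: $Arn"
    }

    # The resource part is 'type/id', 'type:id' or a bare id (for example an S3 bucket name).
    $Type, $Id = $Parts[5] -split '[/:]', 2
    If ($null -eq $Id) { $Id = $Type; $Type = '' }

    [PSCustomObject]@{
        Service      = $Parts[2]
        Region       = $Parts[3]
        AccountId    = $Parts[4]
        ResourceType = $Type
        ResourceId   = $Id
        # Only ec2 'instance/...' ARNs carry an instance ID; everything else gets $null
        # instead of a value that would be looked up in Get-EC2Instance by mistake.
        InstanceId   = If ($Parts[2] -eq 'ec2' -and $Type -eq 'instance') { $Id } Else { $null }
    }
}

# Constructed sample ARNs (not from a real account).
$SampleArns = @(
    'arn:aws:ec2:us-east-1:999999999999:instance/i-999999999999509a1'
    'arn:aws:ec2:us-east-1:999999999999:volume/vol-99999999999999999'
    'arn:aws:rds:us-east-1:999999999999:db:dev-db1'
    'arn:aws:s3:::dev-bucket1'
)

$SampleArns | ForEach-Object { ConvertFrom-ResourceArn -Arn $_ } | Format-Table
```

With this helper, a row can be matched against Get-EC2Instance only when `InstanceId` is not `$null`, so non-EC2 resources are not reported as an instance that "Does not exist".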
List Protected Resources across all Regions
Third, we will list protected resources across all regions for the active account. To start, we will get the list of regions enabled for the account, then repeat the previous process for each region.
```powershell
# Initialize output.
$ProtectedResources = [System.Collections.ArrayList]::new()

# Get a list of supported regions. (https://docs.aws.amazon.com/powershell/latest/reference/items/Get-EC2Region.html)
$EnabledRegions = (Get-EC2Region | Sort-Object RegionName).RegionName

# For each region:
ForEach ($Region in $EnabledRegions) {
    # Set Default region. (https://docs.aws.amazon.com/powershell/latest/reference/items/Set-DefaultAWSRegion.html)
    Set-DefaultAWSRegion $Region

    # Get resources successfully backed up by Backup. (https://docs.aws.amazon.com/powershell/latest/reference/items/Get-BAKProtectedResourceList.html)
    $ProtectedResourceList = Get-BAKProtectedResourceList #-ErrorAction SilentlyContinue

    # If there are resources backed up, continue.
    If ($ProtectedResourceList) {
        # Get all instances. (https://docs.aws.amazon.com/powershell/latest/reference/items/Get-EC2Instance.html)
        $EC2s = (Get-EC2Instance).Instances

        # Save each resource backup information.
        # For each backed up resource:
        $ProtectedResources += $ProtectedResourceList | ForEach-Object {
            # Calculate InstanceId from ResourceArn (assumes an EC2 instance ARN of the form .../instance/i-...).
            $InstanceId = $_.ResourceArn.Split("/")[1]

            # Get corresponding EC2.
            $EC2 = $EC2s | Where-Object {$_.InstanceId -eq $InstanceId}

            # Get backed up resource state.
            $State = If ($EC2) { $EC2.State.Name } Else { "Does not exist" }

            [PSCustomObject]@{
                Region         = $Region
                ResourceName   = $_.ResourceName
                InstanceId     = $InstanceId
                LastBackupTime = $_.LastBackupTime
                ResourceType   = $_.ResourceType
                State          = (Get-Culture).TextInfo.ToTitleCase($State)
                BackupTag      = If ($EC2) { ($EC2 | Select-Object -ExpandProperty tags | Where-Object -Property Key -eq Backup).value } Else { "" }
            } # [PSCustomObject]@{
        } # ForEach-Object {
    } # If ($ProtectedResourceList) {
} # ForEach ($Region

# Display output
$ProtectedResources | Format-Table
```

```
Region    ResourceName InstanceId          LastBackupTime        ResourceType State          BackupTag
--------- ------------ ----------          --------------        ------------ -----          ---------
us-east-1 DEV-Server1  i-999999999999509a1 11/17/2023 7:00:00 AM EC2          Running        Excluded
us-east-1 DEV-Server2  i-999999999999f9842 11/17/2023 7:00:00 AM EC2          Stopped
us-east-1 DEV-Server3  i-9999999999993f4c3 7/2/2023 7:00:00 AM   EC2          Does Not Exist
us-east-2 DEV-Server4  i-999999999999ddff7 6/20/2023 7:00:00 AM  EC2          Does Not Exist
us-east-2 DEV-Server5  i-999999999999753b7 6/20/2023 7:00:00 AM  EC2          Stopped        TBD
```
List Protected Resources for all Profiles across all Regions
Last, we will list protected resources for all profiles across all regions. To start, we will get a list of all profiles, then repeat the previous process for each profile.
```powershell
# Get the names of all CredentialProfiles saved in local storage. (https://docs.aws.amazon.com/powershell/latest/reference/items/Get-AWSCredential.html)
$Profiles = (Get-AWSCredential -ListProfileDetail | Where-Object {$_.ProfileName -notlike "default"} | Sort-Object ProfileName).ProfileName

# Initialize output.
$ProtectedResources = [System.Collections.ArrayList]::new()

# For each profile:
# (The loop variable is $ProfileName because $Profile is a PowerShell automatic variable.)
ForEach ($ProfileName in $Profiles) {
    Write-Host "*** Profile: $ProfileName"

    # Set the default profile. (https://docs.aws.amazon.com/powershell/latest/reference/items/Set-AWSCredential.html)
    Set-AWSCredential -ProfileName $ProfileName

    # Get a list of supported regions. (https://docs.aws.amazon.com/powershell/latest/reference/items/Get-EC2Region.html)
    $EnabledRegions = (Get-EC2Region | Sort-Object RegionName).RegionName

    # For each region:
    ForEach ($Region in $EnabledRegions) {
        # Set Default region. (https://docs.aws.amazon.com/powershell/latest/reference/items/Set-DefaultAWSRegion.html)
        Set-DefaultAWSRegion $Region

        # Get resources successfully backed up by Backup. (https://docs.aws.amazon.com/powershell/latest/reference/items/Get-BAKProtectedResourceList.html)
        $ProtectedResourceList = Get-BAKProtectedResourceList #-ErrorAction SilentlyContinue

        # If there are resources backed up, continue.
        If ($ProtectedResourceList) {
            Write-Host "`tRegion: $Region"

            # Get all instances. (https://docs.aws.amazon.com/powershell/latest/reference/items/Get-EC2Instance.html)
            $EC2s = (Get-EC2Instance).Instances

            # Save each resource backup information.
            # For each backed up resource:
            $ProtectedResources += $ProtectedResourceList | ForEach-Object {
                # Calculate InstanceId from ResourceArn (assumes an EC2 instance ARN of the form .../instance/i-...).
                $InstanceId = $_.ResourceArn.Split("/")[1]

                # Get corresponding EC2.
                $EC2 = $EC2s | Where-Object {$_.InstanceId -eq $InstanceId}

                # Get backed up resource state.
                $State = If ($EC2) { $EC2.State.Name } Else { "Does not exist" }

                [PSCustomObject]@{
                    Profile        = $ProfileName
                    Region         = $Region
                    ResourceName   = $_.ResourceName
                    InstanceId     = $InstanceId
                    LastBackupTime = $_.LastBackupTime
                    ResourceType   = $_.ResourceType
                    State          = (Get-Culture).TextInfo.ToTitleCase($State)
                    BackupTag      = If ($EC2) { ($EC2 | Select-Object -ExpandProperty tags | Where-Object -Property Key -eq Backup).value } Else { "" }
                } # [PSCustomObject]@{
            } # ForEach-Object {
        } # If ($ProtectedResourceList) {
    } # ForEach ($Region
} # ForEach ($ProfileName

# Display output
$ProtectedResources | Format-Table
```

```
Profile     Region    ResourceName InstanceId          LastBackupTime        ResourceType State          BackupTag
-------     --------- ------------ ----------          --------------        ------------ -----          ---------
Saad_Dev_1  us-east-1 DEV-Server1  i-999999999999509a1 11/17/2023 7:00:00 AM EC2          Running        Excluded
Saad_Dev_1  us-east-1 DEV-Server2  i-999999999999f9842 11/17/2023 7:00:00 AM EC2          Stopped
Saad_Dev_1  us-east-1 DEV-Server3  i-9999999999993f4c3 7/2/2023 7:00:00 AM   EC2          Does Not Exist
Saad_Dev_1  us-east-2 DEV-Server4  i-999999999999ddff7 6/20/2023 7:00:00 AM  EC2          Does Not Exist
Saad_Dev_1  us-east-2 DEV-Server5  i-999999999999753b7 6/20/2023 7:00:00 AM  EC2          Stopped        TBD
Saad_Prod_1 us-east-1 PROD-Server1 i-99999999999945871 11/17/2023 7:00:00 AM EC2          Running        Excluded
Saad_prod_1 us-east-1 PROD-Server2 i-999999999999de667 11/17/2023 7:00:00 AM EC2          Stopped
```
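Once the inventory is collected, the two columns worth reviewing first are State and LastBackupTime. The following is an added example, not part of the original post: a hypothetical function, `Get-BackupFinding`, that flags rows whose source instance no longer exists and rows whose last backup is older than a threshold. It assumes the rows are EC2 instances with the column names shown above; the two-day threshold, the `-AsOf` date and the sample rows are constructed.

```powershell
# Added example (hypothetical function, not from the original post).
function Get-BackupFinding {
    param(
        [Parameter(Mandatory)][object[]]$Inventory,   # rows shaped like $ProtectedResources
        [int]$MaxAgeDays = 2,                         # assumed recovery point objective
        [datetime]$AsOf = (Get-Date)                  # reference time for the age calculation
    )
    ForEach ($Row in $Inventory) {
        # Whole days since the last successful backup.
        $AgeDays = [math]::Floor(($AsOf - [datetime]$Row.LastBackupTime).TotalDays)

        # A missing instance takes priority: its recovery data is retained with no live source.
        $Finding = If ($Row.State -eq 'Does Not Exist') {
            'Orphaned: instance is gone, recovery data is still retained'
        } ElseIf ($AgeDays -gt $MaxAgeDays) {
            'Stale: last backup is older than the threshold'
        } Else { $null }

        If ($Finding) {
            [PSCustomObject]@{
                Profile      = $Row.Profile
                Region       = $Row.Region
                ResourceName = $Row.ResourceName
                InstanceId   = $Row.InstanceId
                AgeDays      = $AgeDays
                Finding      = $Finding
            }
        }
    }
}

# Constructed rows that mirror the sample output above.
$Sample = @(
    [PSCustomObject]@{ Profile = 'Saad_Dev_1'; Region = 'us-east-1'; ResourceName = 'DEV-Server1'; InstanceId = 'i-999999999999509a1'; LastBackupTime = [datetime]'2023-11-17T07:00:00'; State = 'Running' }
    [PSCustomObject]@{ Profile = 'Saad_Dev_1'; Region = 'us-east-1'; ResourceName = 'DEV-Server3'; InstanceId = 'i-9999999999993f4c3'; LastBackupTime = [datetime]'2023-07-02T07:00:00'; State = 'Does Not Exist' }
    [PSCustomObject]@{ Profile = 'Saad_Dev_1'; Region = 'us-east-2'; ResourceName = 'DEV-Server5'; InstanceId = 'i-999999999999753b7'; LastBackupTime = [datetime]'2023-06-20T07:00:00'; State = 'Stopped' }
)

Get-BackupFinding -Inventory $Sample -AsOf ([datetime]'2023-11-18T07:00:00') | Format-Table -AutoSize
```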
Conclusion
Can you believe it? You’ve made it to the end of this blog. The code may be challenging, difficult or lengthy but you have made it. Congratulations.
We looked at how to get all AWS Backup protected resources across all profiles and regions, and how to query the backed-up EC2 state and Backup tag.
Did you find this blog easy to follow and helpful to you? I certainly would love to hear your feedback and suggestions. So, let me know in the comments below. Happy PowerShelling.
Disclaimer
The purpose of the code contained in this blog is solely for learning and demo purposes. The author will not be held responsible for any failure or damages caused by any other usage.