Get all AWS Backup recovery points grouped by resource name across all profiles and regions
In this blog I will share one way to get all AWS Backup recover points grouped by resource name across all profiles and regions including backup vault name, resource name, resource type and recovery points count. You can either display the result, export it to a file, or both.
Explore my other articles about AWS services:
- Get all AWS EC2 instances across all profiles and regions
- Get all AWS Backup protected resources across all profiles and regions
Introduction
Within the AWS Management Console, use AWS Backup to get a list of available backup recovery points for a specific account and a specific region. To get AWS Backup resources across multiple AWS accounts, use instructions included in Managing AWS Backup resources across multiple AWS accounts.
I needed a summary list of resources recover points across all profiles and regions grouped by resource name. Hence, use PowerShell and AWS Tools for PowerShell to accomplish this task.
Prerequisites
- Install and configure AWS Tools for PowerShell.
- Log in to all required AWS accounts/profiles.
- Set your IAM permissions to allow access to the required resources.
PowerShell Cmdlets
- Get-BAKRecoveryPointsByBackupVaultList Returns detailed information about the recovery points stored in a backup vault.
- Group-Object Groups objects that contain the same value for specified properties.
- Get-BAKBackupVaultList Returns a list of recovery point storage containers along with information about them.
- Get-ACCTRegionList Lists all the Regions for a given account and their respective opt-in statuses. Optionally, filter this list by the region-opt-status-contains parameter.
- Get-AWSCredential Returns an AWSCredentials object initialized from either credentials currently set as default in the shell or saved and associated with the supplied name from the local credential store.
Get recovery points stored in a backup vault
First, I used Get-BAKRecoveryPointsByBackupVaultList cmdlet to get a list of recovery points stored in a backup vault.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 |
$Profile = "Production" $Region = "us-east-1" $BackupVaultName = "Automation_GeneralBackup-BackupVault" $RecoveryPoints = Get-BAKRecoveryPointsByBackupVaultList -BackupVaultName $BackupVaultName -ProfileName $Profile -Region $Region | Sort-Object ResourceName, ResourceType $RecoveryPoints | Select * -First 1 <# One of the returned objects: BackupSizeInBytes : 1406601789440 BackupVaultArn : arn:aws:backup:us-east-1:999999999999:backup-vault:Automation_GeneralBackup-BackupVault BackupVaultName : Automation_GeneralBackup-BackupVault CalculatedLifecycle : Amazon.Backup.Model.CalculatedLifecycle CompletionDate : 6/3/2024 7:27:04 AM CompositeMemberIdentifier : CreatedBy : Amazon.Backup.Model.RecoveryPointCreator CreationDate : 6/3/2024 7:00:00 AM EncryptionKeyArn : arn:aws:kms:us-east-1:999999999999:key/48556f3d-2e8d-4d89-9f99-abcd99999999 IamRoleArn : arn:aws:iam::999999999999:role/AutomationBackupServiceRole IsEncrypted : True IsParent : False LastRestoreTime : 1/1/0001 12:00:00 AM Lifecycle : Amazon.Backup.Model.Lifecycle ParentRecoveryPointArn : RecoveryPointArn : arn:aws:ec2:us-east-1::image/ami-04e9aff4e45bfbe55 ResourceArn : arn:aws:ec2:us-east-1:999999999999:instance/i-0b101b48499999999 ResourceName : PRD-UTIL01 ResourceType : EC2 SourceBackupVaultArn : Status : COMPLETED StatusMessage : VaultType : BACKUP_VAULT #> |
Group backup recovery points by resource name
Second, we group returned backup recovery points by resource name by using Group-Object and sort by resource name. Note: we used -NoElement to omit viewing group members, only for now.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 |
$Profile = "Production" $Region = "us-east-1" $BackupVaultName = "Automation_GeneralBackup-BackupVault" $RecoveryPoints = Get-BAKRecoveryPointsByBackupVaultList -BackupVaultName $BackupVaultName -ProfileName $Profile -Region $Region | Sort-Object ResourceName, ResourceType $RecoveryPoints | Group-Object -Property ResourceName -NoElement | Sort-Object Name <# Sample output: Count Name ----- ---- 30 PRD-UTIL01 54 PRD-SQL01 20 PRD-SQL02 #> |
Build required output
Third, we need to build required output “Profile”, “Region”, “BackupVaultName”, “Name”, “ResourceType”, “ResourceId”, “State” and “Count”. Since backup recovery points are grouped by resource name, each group members are for the same resource, hence the usage of Group[0].
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 |
$Profile = "Production" $Region = "us-east-1" $BackupVaultName = "Automation_GeneralBackup-BackupVault" # Get a list of backup recover points. (https://docs.aws.amazon.com/powershell/latest/reference/items/Get-BAKRecoveryPointsByBackupVaultList.html) $RecoveryPoints = Get-BAKRecoveryPointsByBackupVaultList -BackupVaultName $BackupVaultName -ProfileName $Profile -Region $Region | Sort-Object ResourceName, ResourceType $RecoveryPoints | Sort-Object -Property Name | Select @{N="Profile";E={$Profile}}, ` @{N="Region";E={$Region}}, ` @{N="BackupVaultName";E={$BackupVault.BackupVaultName}}, ` @{N="Name";E={$_.Name.ToUpper()}}, ` @{N="ResourceType";E={$_.Group[0].ResourceType}}, ` @{N="ResourceId";E={$_.Group[0].ResourceArn.Split("/")[1]}}, Count <# Sample output: Profile : Production Region : us-east-1 BackupVaultName : Automation_GeneralBackup-BackupVault Name : PRD-UTIL01 ResourceType : EC2 ResourceId : i-0b101b48499999999 Count : 30 Profile : Production Region : us-east-1 BackupVaultName : Automation_GeneralBackup-BackupVault Name : PRD-SQL01 ResourceType : EC2 ResourceId : i-0b101b48499999910 Count : 54 #> |
Backup recovery points across all backup vaults
Fourth, we need to query for recovery points across all backup vaults and run the above commands for each.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 |
$Profile = "Production" $Region = "us-east-1" $Output = @() # Get a list of enabled regions. (https://docs.aws.amazon.com/powershell/latest/reference/items/Get-ACCTRegionList.html) $BackupVaults = Get-BAKBackupVaultList -ProfileName $Profile -Region $Region | Sort-Object -Property BackupVaultName ForEach ($BackupVault in $BackupVaults) { $BackupVault.BackupVaultName # Get a list of backup recover points. (https://docs.aws.amazon.com/powershell/latest/reference/items/Get-BAKRecoveryPointsByBackupVaultList.html) $RecoveryPoints = Get-BAKRecoveryPointsByBackupVaultList -BackupVaultName $BackupVault.BackupVaultName -ProfileName $Profile -Region $Region | Sort-Object ResourceName, ResourceType $Output += $RecoveryPoints | Group-Object -Property ResourceName | Sort-Object -Property Name | Select @{N="Profile";E={$Profile}}, @{N="Region";E={$Region}}, @{N="BackupVaultName";E={$BackupVault.BackupVaultName}}, @{N="Name";E={$_.Name.ToUpper()}}, @{N="ResourceType";E={$_.Group[0].ResourceType}}, @{N="ResourceId";E={$_.Group[0].ResourceArn.Split("/")[1]}}, Count } $Output |
Backup recovery points across all backup vaults across all supported regions
Fifth, we get a list of enabled region for the current account then repeat the above commands.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 |
$Profile = "Production" $Output = @() # Get a list of enabled regions. (https://docs.aws.amazon.com/powershell/latest/reference/items/Get-ACCTRegionList.html) $EnabledRegions = (Get-ACCTRegionList -ProfileName $Profile -Region $DefaultRegion -RegionOptStatusContain @("ENABLED","ENABLED_BY_DEFAULT") | Sort-Object RegionName).RegionName # For each region: ForEach ($Region in $EnabledRegions) { Write-Host ("--- Region: $Region") # Get a list of backup vaults. (https://docs.aws.amazon.com/powershell/latest/reference/items/Get-BAKBackupVaultList.html) $BackupVaults = Get-BAKBackupVaultList -ProfileName $Profile -Region $Region | Sort-Object -Property BackupVaultName ForEach ($BackupVault in $BackupVaults) { Write-Host ("`t$($BackupVault.BackupVaultName)") # Get a list of backup recover points. (https://docs.aws.amazon.com/powershell/latest/reference/items/Get-BAKRecoveryPointsByBackupVaultList.html) $RecoveryPoints = Get-BAKRecoveryPointsByBackupVaultList -BackupVaultName $BackupVault.BackupVaultName -ProfileName $Profile -Region $Region | Sort-Object ResourceName, ResourceType $Output += $RecoveryPoints | Group-Object -Property ResourceName | Sort-Object -Property Name | Select @{N="Profile";E={$Profile}}, @{N="Region";E={$Region}}, @{N="BackupVaultName";E={$BackupVault.BackupVaultName}}, @{N="Name";E={$_.Name.ToUpper()}}, @{N="ResourceType";E={$_.Group[0].ResourceType}}, @{N="ResourceId";E={$_.Group[0].ResourceArn.Split("/")[1]}}, Count } } $Output |
Backup recovery points across all backup vaults across all supported regions for all profiles
Finally, we get a list of existing profiles then repeat the above commands.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 |
$DefaultRegion = "us-east-1" $Output = @() # Get the names of all Credential/Profiles saved in local storage. (https://docs.aws.amazon.com/powershell/latest/reference/items/Get-AWSCredential.html) $Profiles = (Get-AWSCredential -ListProfileDetail | Where-Object {$_.ProfileName -notlike "default"} | Sort-Object ProfileName).ProfileName ForEach ($Profile in $Profiles) { Write-Host ("*** Profile: $Profile") # Get a list of enabled regions. (https://docs.aws.amazon.com/powershell/latest/reference/items/Get-ACCTRegionList.html) $EnabledRegions = (Get-ACCTRegionList -ProfileName $Profile -Region $DefaultRegion -RegionOptStatusContain @("ENABLED","ENABLED_BY_DEFAULT") | Sort-Object RegionName).RegionName # For each region: ForEach ($Region in $EnabledRegions) { Write-Host ("`t--- Region: $Region") # Get a list of backup vaults. (https://docs.aws.amazon.com/powershell/latest/reference/items/Get-BAKBackupVaultList.html) $BackupVaults = Get-BAKBackupVaultList -ProfileName $Profile -Region $Region | Sort-Object -Property BackupVaultName ForEach ($BackupVault in $BackupVaults) { Write-Host ("`t`t$($BackupVault.BackupVaultName)") # Get a list of backup recover points. (https://docs.aws.amazon.com/powershell/latest/reference/items/Get-BAKRecoveryPointsByBackupVaultList.html) $RecoveryPoints = Get-BAKRecoveryPointsByBackupVaultList -BackupVaultName $BackupVault.BackupVaultName -ProfileName $Profile -Region $Region | Sort-Object ResourceName, ResourceType $Output += $RecoveryPoints | Group-Object -Property ResourceName | Sort-Object -Property Name | Select @{N="Profile";E={$Profile}}, @{N="Region";E={$Region}}, @{N="BackupVaultName";E={$BackupVault.BackupVaultName}}, @{N="Name";E={$_.Name.ToUpper()}}, @{N="ResourceType";E={$_.Group[0].ResourceType}}, @{N="ResourceId";E={$_.Group[0].ResourceArn.Split("/")[1]}}, Count } } } $Output <# Sample output: *** Profile: Production --- Region: us-east-1 Automation_GeneralBackup-BackupVault --- Region: us-east-2 Default --- Region: us-west-1 --- Region: us-west-2 #> |
Conclusion
Can you believe it? You’ve made it to the end of this blog. The code may be challenging, difficult or lengthy but you have made it. Congratulations.
I used PowerShell and AWS Tools for PowerShell to get recovery points grouped by resource name across all profiles and regions. You can either display the result, export it to a file, or both.
Did you find this blog easy to follow and helpful to you? I certainly would love to hear your feedback and suggestions. So, let me know in the comments below. Happy PowerShelling.
Disclaimer
Purpose of the code contained in blog is solely for learning and demo purposes. Author will not be held responsible for any failure or damages caused due to any other usage.
Comments
Related Posts
Use PowerShell to request a public certificate from AWS Certificate Manager
By 13955 views August 1, 2024
List all AWS Certificate Manager certificates
By 14083 views July 31, 2024
Get all AWS EBS snapshots across all profiles and regions
By 18441 views June 26, 2024
AWS IAM role is not listed in the IAM roles dropdown menu for EC2
By 18274 views June 25, 2024
Get all AWS EC2 instances across all profiles and regions
By 33192 views November 27, 2023
There's no comments