Thanks to Ryan Brown at https://serverlesscode.com/post/lambda-schedule-ebs-snapshot-backups/ for most of this
Create the ebs-backup-worker role and attach the trust policy to it:
aws iam create-role --role-name ebs-backup-worker --assume-role-policy-document file://snapshot-trust.json
Attach the IAM policy to the role:
aws iam put-role-policy --role-name ebs-backup-worker --policy-name TakeSnapshots --policy-document file://snapshot-policy.json
In the AWS Console go to Lambda and click "Create a Lambda function"
- Click "skip" (we're creating our own code)
- Name: yourlambdafunction
- Description: your lambda function description
- Runtime: Python
- Code entry type: paste contents of schedule-ebs-snapshot-backups.py
- Handler: lambda_function.lambda_handler
- Role: select "ebs-backup-worker" from the list
- Customize if necessary
- Click "Next"
- Review
- Click "Create function"
- Click the "Event sources" tab
- Click "Add event source"
- Event source type: CloudWatch Events - Schedule
- Rule name: arbitrary
- Rule description: arbitrary
- Schedule expression: choose your frequency here - note that cron expressions are in UTC
- cron example:
cron(0 * * * ? *)
- cron example:
- Click "Submit"
- Click "Event sources" and copy the arn string for the scheduled event we just created
- Click "Test"
- Input test event
- Sample event template: Scheduled Event
- Paste the arn value you just copied into the resources section
- Click "Save"
- Click "Test" to test the function
- Input test event