How to Automatically Create a Snapshot

Amimoto AMI has AWS CLI installed in it, which is a tool that allows you to use and manage various services of AWS from the command line.

By using this and cron, you will be able to automatically create the server image backup (snapshot) regularly.

Here, I will explain how to create an IAM user to use AWS CLI and introduce a shell script that creates a snapshot of the volume attached to the running instance.

Creating an IAM User

In order to use the various APIs provided by AWS, Access Key and Secret Access Key are required.
It is possible to get these by using the AWS Identity and Access Management (IAM) service.

In AWS IAM management screen, we will show you how to get the Access Key and how to create a user with necessary privileges to create snapshots.

Creating a Custom Policy

Various policies by default are available in IAM. However, a policy with only snapshot authority is not available, so we will create a custom policy.

First, go to IAM Policy Management Screen.


From there, click Create Policy.


Step 1: Choose Create Your Own Policy 

If you click Create Your Own Policy, Step 2 is skipped and you will directed to Step 3 immediately.

Enter the following information and please click Create Policy. 

Policy Name

Set the Policy Name



Enter the appropriate description for your Policy.

Policy Document

Here, I set the policy in JSON format.

By entering the following, it allows to read the EC2 values and create and delete Snapshot.

    "Version": "2012-10-17",
    "Statement": [
            "Effect": "Allow",
            "Action": [
            "Resource": "*"

Create a Group

Then create a group that has been applied to the policy that you created earlier. You can also set a policy directly to a user. However, because the management user can become increasingly complicated, you can set the policy to a group, where the user belongs to a group with the policy you want to use. With this, management will be much easier.


At the IAM Group Management Screen, click Create New Group.

Step 1: Set the group name. At the Group Name column, enter a meaningful name such as create_snapshot and click the Next Step button.

Step 2: Select the policy to apply to this group. The policy created earlier wasAmazonEC2CreateSnapshots . Click the Next Step button.

Step 3: You will see what you have set in Step1, Step2 now. If there are no problems, please create a group by clicking Create Group. If a mistake is found, you can return to Step 2 by clicking the Previous button.

Creating a User

You may finally create a user using the AWS CLI to get the Access Key and Secret Access Key.


In the IAM User Management Screen, click Create New Users button.

Step 1: Set the name of the user to be created. Enter User Names by entering a user name in the field, then click Create. You may create 5 people (maximum) at the same time.

When the user’s creation is successful, you will be able to download the csv file with username, Access Key and Secret Access Key.

Click Download Credentials button to download the csv file calledcredentials.csv . This content has one line for each user in the following manner, user name , Access Key , Secret Access Key will be the order of the text written in comma-separated file.

"User_name", AXXXXXXXXXXXXXXXXXXX, xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx


Finally, select the user you just created and show the details, and click on the Add User to Groups button to add the user to the create_snapshot group you just created.

If you did not create a group, click the Attach Policy button to give the policy, AmazonEC2CreateSnapshots  to the user you created.

So far, we have created a snapshot authority, and have gotten the Access Key and Secret Access Key of the IAM user.

Next, let’s set a shell script that creates a snapshot to the instance with ssh connect.

Run shell scripts to create snapshot and AWS CLI settings

AWS CLI Settings

Connect to the instance of Amimoto AMI with ssh, and run the following command.

Enter your Access Key, Secret Key, etc. For Default region name , enter  ap-northeast-1 if you are using the “Tokyo Region”.

$ aws configure
AWS Access Key ID [None]: 
AWS Secret Access Key [None]: 
Default region name [None]: 
Default output format [None]: 

The configuration file value you enter here is created in the directory configandcredentials will be saved ~ / .aws /

The configuration files save the values you enter here areconfigand credentials and created in the directory  ~/.aws/

Execution of shell script to create a snapshot

Using the AWS CLI, you can create a shell script to create a snapshot of the volume that is connected to your instance.
Please use:

SHELLDIR=`dirname ${0}`
SHELLNAME=`basename $0`
AWS="/usr/bin/aws --region ${REGION}"
INSTANCE_ID=`curl -s`
rotate_log() {
(( cnt=${LOG_SAVE_PERIOD} ))
while (( cnt > 0 ))
(( cnt=cnt-1 ))
if [ -f $logfile2 ]; then
mv $logfile2 $logfile1
if [ -f $LOG_FILE ]; then
mv ${LOG_FILE} ${LOG_FILE}.1
touch $LOG_FILE
print_msg() {
echo "`date '+%Y/%m/%d %H:%M:%S'` $1" | tee -a ${LOG_FILE}
create_snapshot() {
print_msg "Create snapshot Start"
VOL_ID=`${AWS} ec2 describe-instances --instance-ids ${INSTANCE_ID} --output text | grep EBS | awk '{print $5}'`
if [ -z ${VOL_ID} ] ; then
echo ${VOL_ID}
print_msg "ERR:ec2-describe-instances"
logger -f ${LOG_FILE}
exit 1
print_msg "ec2-describe-instances Success : ${VOL_ID}"
${AWS} ec2 create-snapshot --volume-id ${VOL_ID} --description "Created by SYSTEMBK(${INSTANCE_ID}) from ${VOL_ID}" >> ${LOG_FILE} 2>&1
if [ $? != 0 ] ; then
print_msg "ERR:${SHELLDIR}/${SHELLNAME} ec2-create-snapshot"
logger -f ${LOG_FILE}
exit 1
print_msg "Create snapshot End"
delete_old_snapshot() {
print_msg "Delete old snapshot Start"
SNAPSHOTS=`${AWS} ec2 describe-snapshots --output text | grep ${VOL_ID} | grep "Created by SYSTEMBK" | wc -l`
${AWS} ec2 delete-snapshot --snapshot-id `${AWS} ec2 describe-snapshots --output text | grep ${VOL_ID} | grep "Created by SYSTEMBK" | sort -k 11,11 | awk 'NR==1 {print $10}'` >> ${LOG_FILE} 2>&1
if [ $? != 0 ] ; then
print_msg "ERR:${SHELLDIR}/${SHELLNAME} ec2-delete-snapshot"
logger -f ${LOG_FILE}
exit 1
SNAPSHOTS=`${AWS} ec2 describe-snapshots | grep ${VOL_ID} | grep "Created by SYSTEMBK" | wc -l`
print_msg "Delete old snapshot End"
exit 0

Line 6 is the directory where you want to save the run-time log. Please change to the appropriate directory to where the running user can write.

Line 10 is the name of the region in which your instance is running.
Line 11 is the generation you want to save the snapshot. Since it is set to 2, the third old snapshot will be automatically deleted when you run this script.

Steps to download and run this script to the instance are as follows:

$ wget
--2015-03-04 19: 37: 58-- the ( We contact the DNS ... ( | |: 443 You are connected to it ... was connected.
You sent a connection request by HTTP, we are waiting for a response ... 200 OK
Length: 2383 (2.3K) [text / plain]
And during storage in ` ' 100% [========================================== ==========================>] 2.33K --.- KB / s time 0s     

2015-03-04 19:37:58 (140 MB / s) - save completion to ` '[2383/2383]

$ chmod + x 

※ An error will occur because you do not have the write access to /var/log. Please change the directory that can be written by the user who runs line 6.

After that, if you register this script to cron, it is possible to create a periodic snapshot.
For details on how to register to cron, please refer to the following references:
cron – Wikipedia
Linux Cron Guide 

Have more questions? Submit a request


Please sign in to leave a comment.
Powered by Zendesk