All Collections
Actions
Amazon Web Services
A Guide to Creating VSS-Enabled EBS Snapshots
A Guide to Creating VSS-Enabled EBS Snapshots
Matt Houser avatar
Written by Matt Houser
Updated over a week ago

When enabled, Skeddly can create VSS-enabled EBS snapshots. The following action types support VSS-enabled EBS snapshots:

  • Backup Multiple EC2 Instances

  • Backup EC2 Instance

  • Create Multiple EBS Snapshots

  • Create EBS Snapshot

VSS-enabled EBS snapshots are also available when using Skeddly's Managed Instances.

To enable VSS-enabled EBS snapshots, select one of the "VSS-Enabled via SSM" choices in the "Consistency Method" field:

Since VSS is not supported on all EC2 instances, a fallback method is selected as well. When snapshots are being created, if Skeddly determines that VSS-enabled snapshots cannot be created, the fallback method will be used instead.

Requirements

In order to create VSS-enabled EBS snapshots, the following is required:

  • The EC2 instance must be running Windows Server 2012 or later.

  • The EC2 instance must be running SSM Agent version 2.2.58.0 or later.

  • AWS Tools for Windows PowerShell version 4.0.5.0 or later.

  • The EC2 instance must be running an IAM role which gives it permissions to:

    • Receive and execute SSM commands (EC2 Run Commands), and

    • Create EBS snapshots (see below)

  • The EC2 instance must have outbound access to the internet via port 443.

  • Skeddly will create an SSM document called Skeddly-VssCreateSnapshots in each region where EBS snapshots are to be created.

  • Skeddly will install the AWS VSS Components on the EC2 instances as part of the backup process.

The EC2 instance should have the following IAM policy attached to it's IAM role.

{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "ec2:CreateTags",
"Resource": [
"arn:aws:ec2:*::snapshot/*"
]
},
{
"Effect": "Allow",
"Action": [
"ec2:DescribeInstances",
"ec2:CreateSnapshot",
"ec2:DescribeSnapshots"
],
"Resource": "*"
}
]
}

Additional Notes

  • Ensure you use Skeddly's IAM Policy Generator to include all necessary commands in your Skeddly IAM role's/user's permission document.

Did this answer your question?