使用前置和後置指令碼的需求開始使用應用程式一致快照 Amazon Data Lifecycle Manager VSS 備份的考量事項應用程式一致快照的共同責任

使用 Data Lifecycle Manager 自動化應用程式一致性快照

您可以在以執行個體為目標的快照生命週期政策中啟用前置和後置指令碼，以使用 Amazon Data Lifecycle Manager 自動執行應用程式一致快照。

Amazon Data Lifecycle Manager 與 AWS Systems Manager （Systems Manager）整合，以支援應用程式一致性快照。Amazon Data Lifecycle Manager 使用 Systems Manager （SSM）命令文件，其中包含前後指令碼，以自動化完成應用程式一致性快照所需的動作。Amazon Data Lifecycle Manager 在起始快照建立作業之前，會先執行前置指令碼中的命令以凍結和清除 I/O。Amazon Data Lifecycle Manager 起始快照建立作業後，會執行後置指令碼中的命令以解凍 I/O。

使用 Amazon Data Lifecycle Manager，您可以自動執行下列應用程式一致快照：

使用磁碟區影子複製服務的 Windows 應用程式（VSS）
SAP HANA 使用 AWS 受管SSDM文件。如需詳細資訊，請參閱適用於的 Amazon SAP EBS快照HANA。
使用SSM文件範本自行管理的資料庫 InterSystems IRIS，例如 My SQL、PostgreSQL 或

主題

使用前置和後置指令碼的需求
開始使用應用程式一致快照
Amazon Data Lifecycle Manager VSS 備份的考量事項
應用程式一致快照的共同責任

使用前置和後置指令碼的需求

下表概述在 Amazon Data Lifecycle Manager 中使用前置和後置指令碼的需求。

	應用程式一致性快照
需求	VSS 備份	自訂SSM文件	其他使用案例
SSM 在目標執行個體上安裝和執行的代理程式	✓	✓	✓
VSS 目標執行個體符合的系統需求	✓
VSS 與目標執行個體相關聯的已啟用執行個體設定檔	✓
VSS 安裝在目標執行個體上的元件	✓
使用指令碼前後命令準備SSM文件		✓	✓
準備 Amazon Data Lifecycle Manager IAM角色在指令碼前後執行	✓	✓	✓
建立以執行個體為目標的快照政策，並針對前後指令碼進行設定	✓	✓	✓

開始使用應用程式一致快照

本節說明使用 Amazon Data Lifecycle Manager 自動執行應用程式一致快照需遵循的步驟。

您需要使用 Amazon Data Lifecycle Manager 來準備目標執行個體，以取得應用程式一致快照。根據使用案例執行以下其中一項操作。

Prepare for VSS Backups

準備備份的目標執行個體 VSS

如果尚未安裝SSM代理程式，請在目標執行個體上安裝代理程式。如果SSM代理程式已安裝在您的目標執行個體上，請略過此步驟。

如需詳細資訊，請參閱在 Windows 的 Amazon EC2執行個體上手動安裝SSM代理程式。
確保SSM代理程式正在執行。如需詳細資訊，請參閱檢查SSM客服人員狀態和啟動客服人員。
為 Amazon EC2執行個體設定 Systems Manager。如需詳細資訊，請參閱 AWS Systems Manager 使用者指南 中的為 Amazon EC2執行個體設定 Systems Manager。
確保符合VSS備份的系統需求。
將VSS已啟用的執行個體設定檔連接至目標執行個體。
安裝VSS元件。

Prepare for SAP HANA backups

準備備份的目標執行個體 SAP HANA

準備目標執行個體上的SAPHANA環境。
1. 使用 SAP 設定執行個體HANA。如果您還沒有現有SAPHANA環境，則可以參考上的SAPHANA環境設定 AWS。
2. 以合適的系統管理員使用者身分登入 SystemDB。
3. 建立要搭配 Amazon Data Lifecycle Manager 使用的資料庫備份使用者。
```
CREATE USER username PASSWORD password NO FORCE_FIRST_PASSWORD_CHANGE;
```
  例如，以下命令會建立名為 dlm_user 且密碼為 password 的使用者。
```
CREATE USER dlm_user PASSWORD password NO FORCE_FIRST_PASSWORD_CHANGE;
```
4. 將 BACKUP OPERATOR 角色指派給您在先前步驟中建立的資料庫備份使用者。
```
GRANT BACKUP OPERATOR TO username
```
  例如，下列命令會將角色指派給名為 dlm_user 的使用者。
```
GRANT BACKUP OPERATOR TO dlm_user
```
5. 以管理員身分登入作業系統，例如 sidadm。
6. 建立hdbuserstore項目以存放連線資訊，讓SAPHANASSM文件可以連線至，SAPHANA而使用者不必輸入資訊。
```
hdbuserstore set DLM_HANADB_SNAPSHOT_USER localhost:3hana_instance_number13 username password
```
  例如：
```
hdbuserstore set DLM_HANADB_SNAPSHOT_USER localhost:30013 dlm_user password
```
7. 測試連線。
```
hdbsql -U DLM_HANADB_SNAPSHOT_USER "select * from dummy"
```
如果尚未安裝SSM代理程式，請在目標執行個體上安裝代理程式。如果SSM代理程式已安裝在您的目標執行個體上，請略過此步驟。

如需詳細資訊，請參閱在 Linux 的 Amazon EC2執行個體上手動安裝SSM代理程式。
確保SSM代理程式正在執行。如需詳細資訊，請參閱檢查SSM客服人員狀態和啟動客服人員。
為 Amazon EC2執行個體設定 Systems Manager。如需詳細資訊，請參閱 AWS Systems Manager 使用者指南 中的為 Amazon EC2執行個體設定 Systems Manager。

Prepare for custom SSM documents

準備目標執行個體自訂SSM文件

如果尚未安裝SSM代理程式，請在目標執行個體上安裝代理程式。如果SSM代理程式已安裝在您的目標執行個體上，請略過此步驟。
- （Linux 執行個體）在 Linux 的 Amazon EC2執行個體上手動安裝 SSM Agent
- （Windows 執行個體）在 Windows 的 Amazon EC2執行個體上手動安裝SSM代理程式
確保SSM代理程式正在執行。如需詳細資訊，請參閱檢查SSM客服人員狀態並啟動客服人員。
為 Amazon EC2執行個體設定 Systems Manager。如需詳細資訊，請參閱 AWS Systems Manager 使用者指南 中的為 Amazon EC2執行個體設定 Systems Manager。

注意

只有自訂SSM文件需要此步驟。VSS 備份或 SAP 不需要HANA。對於VSS備份和 SAP HANA，Amazon Data Lifecycle Manager 會使用 AWS 受管SSM文件。

如果您要自動執行自我管理資料庫的應用程式一致性快照，例如 My SQL、Postgre SQL或 InterSystems IRIS，則必須建立包含預先指令碼的SSM命令文件，以便在建立快照之前凍結和排清 I/O，以及建立快照後解凍 I/O 的後指令碼。

如果您的 My SQL、Postgre SQL或 InterSystems IRIS 資料庫使用標準組態，您可以使用下面的範例文件內容建立SSM命令SSM文件。如果您的 My SQL、Postgre SQL或 InterSystems IRIS 資料庫使用非標準組態，您可以使用下列範例內容作為SSM命令文件的起點，然後自訂該範例內容以符合您的需求。或者，如果您想要從頭開始建立新SSM文件，您可以使用下面的空白SSM文件範本，並在適當的文件區段中新增您的前文和後文命令。

注意下列事項：

您有責任確保SSM文件為您的資料庫組態執行正確且必要的動作。
只有當SSM文件中的前後指令碼能夠成功凍結、排清和解凍 I/O 時，快照才會保證與應用程式一致。
SSM 文件必須包含的必要欄位allowedValues，包括 pre-script、 post-script和 dry-run。Amazon Data Lifecycle Manager 會根據這些區段的內容，在執行個體上執行命令。如果您的SSM文件沒有這些區段，Amazon Data Lifecycle Manager 會將文件視為執行失敗。

MySQL sample document content


###===============================================================================###
# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.

# Permission is hereby granted, free of charge, to any person obtaining a copy of this
# software and associated documentation files (the "Software"), to deal in the Software
# without restriction, including without limitation the rights to use, copy, modify,
# merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
# permit persons to whom the Software is furnished to do so.

# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
# INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
# PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
# HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
# SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
###===============================================================================###
schemaVersion: '2.2'
description: Amazon Data Lifecycle Manager Pre/Post script for MySQL databases
parameters:
  executionId:
    type: String
    default: None
    description: (Required) Specifies the unique identifier associated with a pre and/or post execution
    allowedPattern: ^(None|[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12})$
  command:
  # Data Lifecycle Manager will trigger the pre-script and post-script actions during policy execution. 
  # 'dry-run' option is intended for validating the document execution without triggering any commands
  # on the instance. The following allowedValues will allow Data Lifecycle Manager to successfully 
  # trigger pre and post script actions.
    type: String
    default: 'dry-run'
    description: (Required) Specifies whether pre-script and/or post-script should be executed.
    allowedValues:
    - pre-script
    - post-script
    - dry-run

mainSteps:
- action: aws:runShellScript
  description: Run MySQL Database freeze/thaw commands
  name: run_pre_post_scripts
  precondition:
    StringEquals:
    - platformType
    - Linux
  inputs:
    runCommand:
    - |
      #!/bin/bash

      ###===============================================================================###
      ### Error Codes
      ###===============================================================================###
      # The following Error codes will inform Data Lifecycle Manager of the type of error 
      # and help guide handling of the error. 
      # The Error code will also be emitted via AWS Eventbridge events in the 'cause' field.
      # 1 Pre-script failed during execution - 201
      # 2 Post-script failed during execution - 202
      # 3 Auto thaw occurred before post-script was initiated - 203
      # 4 Pre-script initiated while post-script was expected - 204
      # 5 Post-script initiated while pre-script was expected - 205
      # 6 Application not ready for pre or post-script initiation - 206

      ###=================================================================###
      ### Global variables
      ###=================================================================###
      START=$(date +%s)
      # For testing this script locally, replace the below with OPERATION=$1.
      OPERATION={{ command }}
      FS_ALREADY_FROZEN_ERROR='freeze failed: Device or resource busy'
      FS_ALREADY_THAWED_ERROR='unfreeze failed: Invalid argument'
      FS_BUSY_ERROR='mount point is busy'

      # Auto thaw is a fail safe mechanism to automatically unfreeze the application after the 
      # duration specified in the global variable below. Choose the duration based on your
      # database application's tolerance to freeze.
      export AUTO_THAW_DURATION_SECS="60"

      # Add all pre-script actions to be performed within the function below
      execute_pre_script() {
          echo "INFO: Start execution of pre-script"
          # Check if filesystem is already frozen. No error code indicates that filesystem 
          # is not currently frozen and that the pre-script can proceed with freezing the filesystem.
          check_fs_freeze
          # Execute the DB commands to flush the DB in preparation for snapshot
          snap_db
          # Freeze the filesystem. No error code indicates that filesystem was succefully frozen
          freeze_fs

          echo "INFO: Schedule Auto Thaw to execute in ${AUTO_THAW_DURATION_SECS} seconds."
          $(nohup bash -c execute_schedule_auto_thaw  >/dev/null 2>&1 &)
      }

      # Add all post-script actions to be performed within the function below
      execute_post_script() {
          echo "INFO: Start execution of post-script"
          # Unfreeze the filesystem. No error code indicates that filesystem was successfully unfrozen.
          unfreeze_fs
          thaw_db
      }

      # Execute Auto Thaw to automatically unfreeze the application after the duration configured 
      # in the AUTO_THAW_DURATION_SECS global variable.
      execute_schedule_auto_thaw() {
          sleep ${AUTO_THAW_DURATION_SECS}
          execute_post_script
      }

      # Disable Auto Thaw if it is still enabled
      execute_disable_auto_thaw() {
          echo "INFO: Attempting to disable auto thaw if enabled"
          auto_thaw_pgid=$(pgrep -f execute_schedule_auto_thaw | xargs -i ps -hp {} -o pgid)
          if [ -n "${auto_thaw_pgid}" ]; then
              echo "INFO: execute_schedule_auto_thaw process found with pgid ${auto_thaw_pgid}"
              sudo pkill -g ${auto_thaw_pgid}
              rc=$?
              if [ ${rc} != 0 ]; then
                  echo "ERROR: Unable to kill execute_schedule_auto_thaw process. retval=${rc}"
              else
                  echo "INFO: Auto Thaw  has been disabled"
              fi
          fi
      }

      # Iterate over all the mountpoints and check if filesystem is already in freeze state.
      # Return error code 204 if any of the mount points are already frozen.
      check_fs_freeze() {
          for target in $(lsblk -nlo MOUNTPOINTS)
          do
              # Freeze of the root and boot filesystems is dangerous and pre-script does not freeze these filesystems.
              # Hence, we will skip the root and boot mountpoints while checking if filesystem is in freeze state.
              if [ $target == '/' ]; then continue; fi
              if [[ "$target" == *"/boot"* ]]; then continue; fi

              error_message=$(sudo mount -o remount,noatime $target 2>&1)
              # Remount will be a no-op without a error message if the filesystem is unfrozen.
              # However, if filesystem is already frozen, remount will fail with busy error message.
              if [ $? -ne 0 ];then
                  # If the filesystem is already in frozen, return error code 204
                  if [[ "$error_message" == *"$FS_BUSY_ERROR"* ]];then
                      echo "ERROR: Filesystem ${target} already frozen. Return Error Code: 204"
                      exit 204
                  fi
                  # If the check filesystem freeze failed due to any reason other than the filesystem already frozen, return 201
                  echo "ERROR: Failed to check_fs_freeze on mountpoint $target due to error - $errormessage"
                  exit 201
              fi
          done
      } 

      # Iterate over all the mountpoints and freeze the filesystem.
      freeze_fs() {
          for target in $(lsblk -nlo MOUNTPOINTS)
          do
              # Freeze of the root and boot filesystems is dangerous. Hence, skip filesystem freeze 
              # operations for root and boot mountpoints.
              if [ $target == '/' ]; then continue; fi
              if [[ "$target" == *"/boot"* ]]; then continue; fi
              echo "INFO: Freezing $target"
              error_message=$(sudo fsfreeze -f $target 2>&1)
              if [ $? -ne 0 ];then
                  # If the filesystem is already in frozen, return error code 204
                  if [[ "$error_message" == *"$FS_ALREADY_FROZEN_ERROR"* ]]; then
                      echo "ERROR: Filesystem ${target} already frozen. Return Error Code: 204"
                      sudo mysql -e 'UNLOCK TABLES;'
                      exit 204
                  fi
                  # If the filesystem freeze failed due to any reason other than the filesystem already frozen, return 201
                  echo "ERROR: Failed to freeze mountpoint $targetdue due to error - $errormessage"
                  thaw_db
                  exit 201
              fi
              echo "INFO: Freezing complete on $target"
          done
      }

      # Iterate over all the mountpoints and unfreeze the filesystem.
      unfreeze_fs() {
          for target in $(lsblk -nlo MOUNTPOINTS)
          do
              # Freeze of the root and boot filesystems is dangerous and pre-script does not freeze these filesystems.
              # Hence, will skip the root and boot mountpoints during unfreeze as well.
              if [ $target == '/' ]; then continue; fi
              if [[ "$target" == *"/boot"* ]]; then continue; fi
              echo "INFO: Thawing $target"
              error_message=$(sudo fsfreeze -u $target 2>&1)
              # Check if filesystem is already unfrozen (thawed). Return error code 204 if filesystem is already unfrozen.
              if [ $? -ne 0 ]; then
                  if [[ "$error_message" == *"$FS_ALREADY_THAWED_ERROR"* ]]; then
                      echo "ERROR: Filesystem ${target} is already in thaw state. Return Error Code: 205"
                      exit 205
                  fi
                  # If the filesystem unfreeze failed due to any reason other than the filesystem already unfrozen, return 202
                  echo "ERROR: Failed to unfreeze mountpoint $targetdue due to error - $errormessage"
                  exit 202
              fi
              echo "INFO: Thaw complete on $target"
          done    
      }

      snap_db() {
          # Run the flush command only when MySQL DB service is up and running
          sudo systemctl is-active --quiet mysqld.service
          if [ $? -eq 0 ]; then
              echo "INFO: Execute MySQL Flush and Lock command."
              sudo mysql -e 'FLUSH TABLES WITH READ LOCK;'
              # If the MySQL Flush and Lock command did not succeed, return error code 201 to indicate pre-script failure
              if [ $? -ne 0 ]; then
                  echo "ERROR: MySQL FLUSH TABLES WITH READ LOCK command failed."
                  exit 201
              fi
              sync
          else 
              echo "INFO: MySQL service is inactive. Skipping execution of MySQL Flush and Lock command."
          fi
      }

      thaw_db() {
          # Run the unlock command only when MySQL DB service is up and running
          sudo systemctl is-active --quiet mysqld.service
          if [ $? -eq 0 ]; then
              echo "INFO: Execute MySQL Unlock"
              sudo mysql -e 'UNLOCK TABLES;'
          else 
              echo "INFO: MySQL service is inactive. Skipping execution of MySQL Unlock command."
          fi
      }

      export -f execute_schedule_auto_thaw
      export -f execute_post_script
      export -f unfreeze_fs
      export -f thaw_db

      # Debug logging for parameters passed to the SSM document
      echo "INFO: ${OPERATION} starting at $(date) with executionId: ${EXECUTION_ID}"

      # Based on the command parameter value execute the function that supports 
      # pre-script/post-script operation
      case ${OPERATION} in
          pre-script)
              execute_pre_script
              ;;
          post-script)
              execute_post_script
              execute_disable_auto_thaw
              ;;
          dry-run)
              echo "INFO: dry-run option invoked - taking no action"
              ;;
          *)
              echo "ERROR: Invalid command parameter passed. Please use either pre-script, post-script, dry-run."
              exit 1 # return failure
              ;;
      esac

      END=$(date +%s)
      # Debug Log for profiling the script time
      echo "INFO: ${OPERATION} completed at $(date). Total runtime: $((${END} - ${START})) seconds."

PostgreSQL sample document content


###===============================================================================###
# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.

# Permission is hereby granted, free of charge, to any person obtaining a copy of this
# software and associated documentation files (the "Software"), to deal in the Software
# without restriction, including without limitation the rights to use, copy, modify,
# merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
# permit persons to whom the Software is furnished to do so.

# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
# INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
# PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
# HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
# SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
###===============================================================================###
schemaVersion: '2.2'
description: Amazon Data Lifecycle Manager Pre/Post script for PostgreSQL databases
parameters:
  executionId:
    type: String
    default: None
    description: (Required) Specifies the unique identifier associated with a pre and/or post execution
    allowedPattern: ^(None|[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12})$
  command:
  # Data Lifecycle Manager will trigger the pre-script and post-script actions during policy execution. 
  # 'dry-run' option is intended for validating the document execution without triggering any commands
  # on the instance. The following allowedValues will allow Data Lifecycle Manager to successfully 
  # trigger pre and post script actions.
    type: String
    default: 'dry-run'
    description: (Required) Specifies whether pre-script and/or post-script should be executed.
    allowedValues:
    - pre-script
    - post-script
    - dry-run

mainSteps:
- action: aws:runShellScript
  description: Run PostgreSQL Database freeze/thaw commands
  name: run_pre_post_scripts
  precondition:
    StringEquals:
    - platformType
    - Linux
  inputs:
    runCommand:
    - |
      #!/bin/bash

      ###===============================================================================###
      ### Error Codes
      ###===============================================================================###
      # The following Error codes will inform Data Lifecycle Manager of the type of error 
      # and help guide handling of the error. 
      # The Error code will also be emitted via AWS Eventbridge events in the 'cause' field.
      # 1 Pre-script failed during execution - 201
      # 2 Post-script failed during execution - 202
      # 3 Auto thaw occurred before post-script was initiated - 203
      # 4 Pre-script initiated while post-script was expected - 204
      # 5 Post-script initiated while pre-script was expected - 205
      # 6 Application not ready for pre or post-script initiation - 206

      ###===============================================================================###
      ### Global variables
      ###===============================================================================###
      START=$(date +%s)
      OPERATION={{ command }}
      FS_ALREADY_FROZEN_ERROR='freeze failed: Device or resource busy'
      FS_ALREADY_THAWED_ERROR='unfreeze failed: Invalid argument'
      FS_BUSY_ERROR='mount point is busy'

      # Auto thaw is a fail safe mechanism to automatically unfreeze the application after the 
      # duration specified in the global variable below. Choose the duration based on your
      # database application's tolerance to freeze.
      export AUTO_THAW_DURATION_SECS="60"

      # Add all pre-script actions to be performed within the function below
      execute_pre_script() {
          echo "INFO: Start execution of pre-script"
          # Check if filesystem is already frozen. No error code indicates that filesystem 
          # is not currently frozen and that the pre-script can proceed with freezing the filesystem.
          check_fs_freeze
          # Execute the DB commands to flush the DB in preparation for snapshot
          snap_db
          # Freeze the filesystem. No error code indicates that filesystem was succefully frozen
          freeze_fs

          echo "INFO: Schedule Auto Thaw to execute in ${AUTO_THAW_DURATION_SECS} seconds."
          $(nohup bash -c execute_schedule_auto_thaw  >/dev/null 2>&1 &)
      }

      # Add all post-script actions to be performed within the function below
      execute_post_script() {
          echo "INFO: Start execution of post-script"
          # Unfreeze the filesystem. No error code indicates that filesystem was successfully unfrozen
          unfreeze_fs
      }

      # Execute Auto Thaw to automatically unfreeze the application after the duration configured 
      # in the AUTO_THAW_DURATION_SECS global variable.
      execute_schedule_auto_thaw() {
          sleep ${AUTO_THAW_DURATION_SECS}
          execute_post_script
      }

      # Disable Auto Thaw if it is still enabled
      execute_disable_auto_thaw() {
          echo "INFO: Attempting to disable auto thaw if enabled"
          auto_thaw_pgid=$(pgrep -f execute_schedule_auto_thaw | xargs -i ps -hp {} -o pgid)
          if [ -n "${auto_thaw_pgid}" ]; then
              echo "INFO: execute_schedule_auto_thaw process found with pgid ${auto_thaw_pgid}"
              sudo pkill -g ${auto_thaw_pgid}
              rc=$?
              if [ ${rc} != 0 ]; then
                  echo "ERROR: Unable to kill execute_schedule_auto_thaw process. retval=${rc}"
              else
                  echo "INFO: Auto Thaw  has been disabled"
              fi
          fi
      }

      # Iterate over all the mountpoints and check if filesystem is already in freeze state.
      # Return error code 204 if any of the mount points are already frozen.
      check_fs_freeze() {
          for target in $(lsblk -nlo MOUNTPOINTS)
          do
              # Freeze of the root and boot filesystems is dangerous and pre-script does not freeze these filesystems.
              # Hence, we will skip the root and boot mountpoints while checking if filesystem is in freeze state.
              if [ $target == '/' ]; then continue; fi
              if [[ "$target" == *"/boot"* ]]; then continue; fi

              error_message=$(sudo mount -o remount,noatime $target 2>&1)
              # Remount will be a no-op without a error message if the filesystem is unfrozen.
              # However, if filesystem is already frozen, remount will fail with busy error message.
              if [ $? -ne 0 ];then
                  # If the filesystem is already in frozen, return error code 204
                  if [[ "$error_message" == *"$FS_BUSY_ERROR"* ]];then
                      echo "ERROR: Filesystem ${target} already frozen. Return Error Code: 204"
                      exit 204
                  fi
                  # If the check filesystem freeze failed due to any reason other than the filesystem already frozen, return 201
                  echo "ERROR: Failed to check_fs_freeze on mountpoint $target due to error - $errormessage"
                  exit 201
              fi
          done
      } 

      # Iterate over all the mountpoints and freeze the filesystem.
      freeze_fs() {
          for target in $(lsblk -nlo MOUNTPOINTS)
          do
              # Freeze of the root and boot filesystems is dangerous. Hence, skip filesystem freeze 
              # operations for root and boot mountpoints.
              if [ $target == '/' ]; then continue; fi
              if [[ "$target" == *"/boot"* ]]; then continue; fi
              echo "INFO: Freezing $target"
              error_message=$(sudo fsfreeze -f $target 2>&1)
              if [ $? -ne 0 ];then
                  # If the filesystem is already in frozen, return error code 204
                  if [[ "$error_message" == *"$FS_ALREADY_FROZEN_ERROR"* ]]; then
                      echo "ERROR: Filesystem ${target} already frozen. Return Error Code: 204"
                      exit 204
                  fi
                  # If the filesystem freeze failed due to any reason other than the filesystem already frozen, return 201
                  echo "ERROR: Failed to freeze mountpoint $targetdue due to error - $errormessage"
                  exit 201
              fi
              echo "INFO: Freezing complete on $target"
          done
      }

      # Iterate over all the mountpoints and unfreeze the filesystem.
      unfreeze_fs() {
          for target in $(lsblk -nlo MOUNTPOINTS)
          do
              # Freeze of the root and boot filesystems is dangerous and pre-script does not freeze these filesystems.
              # Hence, will skip the root and boot mountpoints during unfreeze as well.
              if [ $target == '/' ]; then continue; fi
              if [[ "$target" == *"/boot"* ]]; then continue; fi
              echo "INFO: Thawing $target"
              error_message=$(sudo fsfreeze -u $target 2>&1)
              # Check if filesystem is already unfrozen (thawed). Return error code 204 if filesystem is already unfrozen.
              if [ $? -ne 0 ]; then
                  if [[ "$error_message" == *"$FS_ALREADY_THAWED_ERROR"* ]]; then
                      echo "ERROR: Filesystem ${target} is already in thaw state. Return Error Code: 205"
                      exit 205
                  fi
                  # If the filesystem unfreeze failed due to any reason other than the filesystem already unfrozen, return 202
                  echo "ERROR: Failed to unfreeze mountpoint $targetdue due to error - $errormessage"
                  exit 202
              fi
              echo "INFO: Thaw complete on $target"
          done
      }

      snap_db() {
          # Run the flush command only when PostgreSQL DB service is up and running
          sudo systemctl is-active --quiet postgresql
          if [ $? -eq 0 ]; then
              echo "INFO: Execute Postgres CHECKPOINT"
              # PostgreSQL command to flush the transactions in memory to disk
              sudo -u postgres psql -c 'CHECKPOINT;'
              # If the PostgreSQL Command did not succeed, return error code 201 to indicate pre-script failure
              if [ $? -ne 0 ]; then
                  echo "ERROR: Postgres CHECKPOINT command failed."
                  exit 201
              fi
              sync
          else 
              echo "INFO: PostgreSQL service is inactive. Skipping execution of CHECKPOINT command."
          fi
      }

      export -f execute_schedule_auto_thaw
      export -f execute_post_script
      export -f unfreeze_fs

      # Debug logging for parameters passed to the SSM document
      echo "INFO: ${OPERATION} starting at $(date) with executionId: ${EXECUTION_ID}"

      # Based on the command parameter value execute the function that supports 
      # pre-script/post-script operation
      case ${OPERATION} in
          pre-script)
              execute_pre_script
              ;;
          post-script)
              execute_post_script
              execute_disable_auto_thaw
              ;;
          dry-run)
              echo "INFO: dry-run option invoked - taking no action"
              ;;
          *)
              echo "ERROR: Invalid command parameter passed. Please use either pre-script, post-script, dry-run."
              exit 1 # return failure
              ;;
      esac

      END=$(date +%s)
      # Debug Log for profiling the script time
      echo "INFO: ${OPERATION} completed at $(date). Total runtime: $((${END} - ${START})) seconds."

InterSystems IRIS sample document content


###===============================================================================###
# MIT License
# 
# Copyright (c) 2024 InterSystems
# 
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
# 
# The above copyright notice and this permission notice shall be included in all
# copies or substantial portions of the Software.
# 
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE.
###===============================================================================###
schemaVersion: '2.2'
description: SSM Document Template for Amazon Data Lifecycle Manager Pre/Post script feature for InterSystems IRIS.
parameters:
  executionId:
    type: String
    default: None
    description: Specifies the unique identifier associated with a pre and/or post execution
    allowedPattern: ^(None|[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12})$
  command:
    type: String
    # Data Lifecycle Manager will trigger the pre-script and post-script actions. You can also use this SSM document with 'dry-run' for manual testing purposes.
    default: 'dry-run'
    description: (Required) Specifies whether pre-script and/or post-script should be executed.
    #The following allowedValues will allow Data Lifecycle Manager to successfully trigger pre and post script actions.
    allowedValues:
    - pre-script
    - post-script
    - dry-run

mainSteps:
- action: aws:runShellScript
  description: Run InterSystems IRIS Database freeze/thaw commands
  name: run_pre_post_scripts
  precondition:
    StringEquals:
    - platformType
    - Linux
  inputs:
    runCommand:
    - |
      #!/bin/bash
      ###===============================================================================###
      ### Global variables
      ###===============================================================================###
      DOCKER_NAME=iris
      LOGDIR=./
      EXIT_CODE=0
      OPERATION={{ command }}
      START=$(date +%s)
      
      # Check if Docker is installed
      # By default if Docker is present, script assumes that InterSystems IRIS is running in Docker
      # Leave only the else block DOCKER_EXEC line, if you run InterSystems IRIS non-containerised (and Docker is present).
      # Script assumes irissys user has OS auth enabled, change the OS user or supply login/password depending on your configuration.
      if command -v docker &> /dev/null
      then
        DOCKER_EXEC="docker exec $DOCKER_NAME"
      else
        DOCKER_EXEC="sudo -i -u irissys"
      fi
      
                    
      # Add all pre-script actions to be performed within the function below
      execute_pre_script() {
        echo "INFO: Start execution of pre-script"
        
        # find all iris running instances
        iris_instances=$($DOCKER_EXEC iris qall 2>/dev/null | tail -n +3 | grep '^up' | cut -c5-  | awk '{print $1}')
        echo "`date`: Running iris instances $iris_instances"
      
        # Only for running instances
        for INST in $iris_instances; do
      
          echo "`date`: Attempting to freeze $INST"
      
          # Detailed instances specific log
          LOGFILE=$LOGDIR/$INST-pre_post.log
          
          #check Freeze status before starting
          $DOCKER_EXEC irissession $INST -U '%SYS' "##Class(Backup.General).IsWDSuspendedExt()"
          freeze_status=$?
          if [ $freeze_status -eq 5 ]; then
            echo "`date`:   ERROR: $INST IS already FROZEN"
            EXIT_CODE=204
          else
            echo "`date`:   $INST is not frozen"
            # Freeze
            # Docs: https://docs.intersystems.com/irislatest/csp/documatic/%25CSP.Documatic.cls?LIBRARY=%25SYS&CLASSNAME=Backup.General#ExternalFreeze
            $DOCKER_EXEC irissession $INST -U '%SYS' "##Class(Backup.General).ExternalFreeze(\"$LOGFILE\",,,,,,600,,,300)"
            status=$?
      
            case $status in
              5) echo "`date`:   $INST IS FROZEN"
                ;;
              3) echo "`date`:   $INST FREEZE FAILED"
                EXIT_CODE=201
                ;;
              *) echo "`date`:   ERROR: Unknown status code: $status"
                EXIT_CODE=201
                ;;
            esac
            echo "`date`:   Completed freeze of $INST"
          fi
        done
        echo "`date`: Pre freeze script finished"
      }
                    
      # Add all post-script actions to be performed within the function below
      execute_post_script() {
        echo "INFO: Start execution of post-script"
      
        # find all iris running instances
        iris_instances=$($DOCKER_EXEC iris qall 2>/dev/null | tail -n +3 | grep '^up' | cut -c5-  | awk '{print $1}')
        echo "`date`: Running iris instances $iris_instances"
      
        # Only for running instances
        for INST in $iris_instances; do
      
          echo "`date`: Attempting to thaw $INST"
      
          # Detailed instances specific log
          LOGFILE=$LOGDIR/$INST-pre_post.log
      
          #check Freeze status befor starting
          $DOCKER_EXEC irissession $INST -U '%SYS' "##Class(Backup.General).IsWDSuspendedExt()"
          freeze_status=$?
          if [ $freeze_status -eq 5 ]; then
            echo "`date`:  $INST is in frozen state"
            # Thaw
            # Docs: https://docs.intersystems.com/irislatest/csp/documatic/%25CSP.Documatic.cls?LIBRARY=%25SYS&CLASSNAME=Backup.General#ExternalFreeze
            $DOCKER_EXEC irissession $INST -U%SYS "##Class(Backup.General).ExternalThaw(\"$LOGFILE\")"
            status=$?
      
            case $status in
              5) echo "`date`:   $INST IS THAWED"
                  $DOCKER_EXEC irissession $INST -U%SYS "##Class(Backup.General).ExternalSetHistory(\"$LOGFILE\")"
                ;;
              3) echo "`date`:   $INST THAW FAILED"
                  EXIT_CODE=202
                ;;
              *) echo "`date`:   ERROR: Unknown status code: $status"
                  EXIT_CODE=202
                ;;
            esac
            echo "`date`:   Completed thaw of $INST"
          else
            echo "`date`:   ERROR: $INST IS already THAWED"
            EXIT_CODE=205
          fi
        done
        echo "`date`: Post thaw script finished"
      }
      
      # Debug logging for parameters passed to the SSM document
        echo "INFO: ${OPERATION} starting at $(date) with executionId: ${EXECUTION_ID}"
                    
      # Based on the command parameter value execute the function that supports 
      # pre-script/post-script operation
      case ${OPERATION} in
        pre-script)
          execute_pre_script
          ;;
        post-script)
          execute_post_script
            ;;
        dry-run)
          echo "INFO: dry-run option invoked - taking no action"
          ;;
        *)
          echo "ERROR: Invalid command parameter passed. Please use either pre-script, post-script, dry-run."
          # return failure
          EXIT_CODE=1
          ;;
      esac
                    
      END=$(date +%s)
      # Debug Log for profiling the script time
      echo "INFO: ${OPERATION} completed at $(date). Total runtime: $((${END} - ${START})) seconds."
      exit $EXIT_CODE

如需詳細資訊，請參閱GitHub 儲存庫。

Empty document template


###===============================================================================###
# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.

# Permission is hereby granted, free of charge, to any person obtaining a copy of this
# software and associated documentation files (the "Software"), to deal in the Software
# without restriction, including without limitation the rights to use, copy, modify,
# merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
# permit persons to whom the Software is furnished to do so.

# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
# INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
# PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
# HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
# SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
###===============================================================================###
schemaVersion: '2.2'
description: SSM Document Template for Amazon Data Lifecycle Manager Pre/Post script feature
parameters:
  executionId:
    type: String
    default: None
    description: (Required) Specifies the unique identifier associated with a pre and/or post execution
    allowedPattern: ^(None|[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12})$
  command:
  # Data Lifecycle Manager will trigger the pre-script and post-script actions during policy execution. 
  # 'dry-run' option is intended for validating the document execution without triggering any commands
  # on the instance. The following allowedValues will allow Data Lifecycle Manager to successfully 
  # trigger pre and post script actions.
    type: String
    default: 'dry-run'
    description: (Required) Specifies whether pre-script and/or post-script should be executed.
    allowedValues:
    - pre-script
    - post-script
    - dry-run

mainSteps:
- action: aws:runShellScript
  description: Run Database freeze/thaw commands
  name: run_pre_post_scripts
  precondition:
    StringEquals:
    - platformType
    - Linux
  inputs:
    runCommand:
    - |
      #!/bin/bash

      ###===============================================================================###
      ### Error Codes
      ###===============================================================================###
      # The following Error codes will inform Data Lifecycle Manager of the type of error 
      # and help guide handling of the error. 
      # The Error code will also be emitted via AWS Eventbridge events in the 'cause' field.
      # 1 Pre-script failed during execution - 201
      # 2 Post-script failed during execution - 202
      # 3 Auto thaw occurred before post-script was initiated - 203
      # 4 Pre-script initiated while post-script was expected - 204
      # 5 Post-script initiated while pre-script was expected - 205
      # 6 Application not ready for pre or post-script initiation - 206

      ###===============================================================================###
      ### Global variables
      ###===============================================================================###
      START=$(date +%s)
      # For testing this script locally, replace the below with OPERATION=$1.
      OPERATION={{ command }}

      # Add all pre-script actions to be performed within the function below
      execute_pre_script() {
          echo "INFO: Start execution of pre-script"
      }

      # Add all post-script actions to be performed within the function below
      execute_post_script() {
          echo "INFO: Start execution of post-script"
      }

      # Debug logging for parameters passed to the SSM document
      echo "INFO: ${OPERATION} starting at $(date) with executionId: ${EXECUTION_ID}"

      # Based on the command parameter value execute the function that supports 
      # pre-script/post-script operation
      case ${OPERATION} in
          pre-script)
              execute_pre_script
              ;;
          post-script)
              execute_post_script
              ;;
          dry-run)
              echo "INFO: dry-run option invoked - taking no action"
              ;;
          *)
              echo "ERROR: Invalid command parameter passed. Please use either pre-script, post-script, dry-run."
              exit 1 # return failure
              ;;
      esac

      END=$(date +%s)
      # Debug Log for profiling the script time
      echo "INFO: ${OPERATION} completed at $(date). Total runtime: $((${END} - ${START})) seconds."

取得SSM文件內容後，請使用下列其中一個程序來建立自訂SSM文件。

注意

在下列情況中，需執行此步驟：

您可以使用自訂IAM角色建立或更新啟用指令碼的前後快照政策。
您可以使用命令列建立或更新使用預設值且已啟用前置/後置指令碼的快照政策。

如果您使用主控台建立或更新啟用指令碼的快照政策，該政策使用預設角色來管理快照（AWSDataLifecycleManagerDefaultRole），請略過此步驟。在此情況下，我們會自動將AWSDataLifecycleManagerSSMFullAccess政策連接至該角色。

您必須確保您用於政策IAM的角色授予 Amazon Data Lifecycle Manager 許可，以執行在政策目標執行個體上執行指令碼前和後所需的SSM動作。

Amazon Data Lifecycle Manager 提供包含必要許可的受管政策（AWSDataLifecycleManagerSSMFullAccess）。您可以將此政策連接至您的IAM角色來管理快照，以確保它包含許可。

重要

AWSDataLifecycleManagerSSMFullAccess 受管政策使用 aws:ResourceTag 條件索引鍵，限制在使用指令碼前後時存取特定SSM文件。若要允許 Amazon Data Lifecycle Manager 存取SSM文件，您必須確保您的SSM文件已標記 DLMScriptsAccess:true。

或者，您可以手動建立自訂政策，或直接將所需的許可指派給您使用IAM的角色。您可以使用受 AWSDataLifecycleManagerSSMFullAccess 管政策中定義的相同許可，但aws:ResourceTag條件索引鍵是選用的。如果您決定不包含該條件索引鍵，則不需要使用標記SSM文件DLMScriptsAccess:true。

使用下列其中一種方法來將AWSDataLifecycleManagerSSMFullAccess政策新增至您的IAM角色。

若要自動執行應用程式一致快照，您必須建立以執行個體為目標的快照生命週期政策，並為該政策設定前置和後置指令碼。

Console

建立快照生命週期政策

在開啟 Amazon EC2主控台https://console.aws.amazon.com/ec2/。
在導覽窗格中，選擇 Elastic Block Store、Lifecycle Manager (生命週期管理員)，然後選擇 Create lifecycle policy (建立生命週期政策)。
在選取政策類型畫面上，選擇EBS快照政策，然後選擇下一個 。
在 Target resources (目標資源) 區段中，執行下列動作：
1. 針對目標資源類型，選擇 Instance。
2. 在目標資源標籤，指定用來識別待備份磁碟區或執行個體的資源標籤。系統只會備份具有指定標籤的資源。
對於IAM角色 ，請選擇 AWSDataLifecycleManagerDefaultRole（管理快照的預設角色），或選擇您為指令碼前後建立和準備的自訂角色。
根據需要設定排程和其他選項。建議您針對配合工作負載的期間 (例如維護時段) 排程快照建立時間。

對於 SAP HANA，我們建議您啟用快速快照還原。

注意
如果您啟用VSS備份排程，則無法啟用排除特定資料磁碟區或從來源複製標籤。
在前置和後置指令碼區段中，選取啟用前置和後置指令碼，然後根據您的工作負載執行下列操作：
- 若要建立 Windows 應用程式的應用程式一致性快照，請選取VSS備份 。
- 若要建立SAPHANA工作負載的應用程式一致性快照，請選取 SAP HANA。
- 若要使用自訂SSM文件建立所有其他資料庫和工作負載的應用程式一致性快照，包括自我管理的 My SQL、Postgre SQL或 InterSystems IRIS資料庫，請選取自訂SSM文件 。
  1. 在自動執行選項選擇前置和後置指令碼。
  2. 針對SSM文件 ，選取您準備SSM的文件。
根據您選取的選項，設定以下其他選項：
- 指令碼逾時 — （僅限自訂SSM文件 ） Amazon Data Lifecycle Manager 未完成指令碼執行嘗試失敗的逾時期間。如果指令碼沒有在逾時期間內完成，Amazon Data Lifecycle Manager 的嘗試就會失敗。逾時期限會分別套用至前置和後置指令碼。最低和預設逾時期間為 10 秒。最大逾時期間為 120 秒。
- 重試失敗的指令碼：選取此選項可重試在逾時期間內未完成的指令碼。如果前置指令碼失敗，Amazon Data Lifecycle Manager 會重試整個快照建立程序，包括執行前置和後置指令碼。如果後置指令碼失敗，Amazon Data Lifecycle Manager 只會重試後置指令碼；在此情況下，前置指令碼應該已完成，而且快照可能已建立。
- 預設為當機一致快照：選取此選項可在前置指令碼執行失敗時，預設為當機一致快照。如果未啟用前置和後置指令碼，這是 Amazon Data Lifecycle Manager 的預設快照建立行為。如果您啟用重試功能，Amazon Data Lifecycle Manager 只會在用盡所有重試嘗試次數之後，才會預設為當機一致快照。如果前置指令碼失敗，且您沒有預設為當機一致快照，Amazon Data Lifecycle Manager 就不會在該排程執行期間為執行個體建立快照。
  
  注意
  如果您要為 SAP 建立快照HANA，則可能需要停用此選項。SAP HANA 工作負載的損毀一致性快照無法以相同方式還原。
選擇建立預設政策。

注意
如果出現 Role with name AWSDataLifecycleManagerDefaultRole already exists 錯誤，請參閱對 Amazon Data Lifecycle Manager 問題進行故障診斷以取得更多資訊。

AWS CLI

建立快照生命週期政策

使用 create-lifecycle-policy命令，並在中包含 Scripts 參數CreateRule。如需參數的詳細資訊，請參閱 Amazon Data Lifecycle Manager API參考。


$ aws dlm create-lifecycle-policy \
--description "policy_description" \
--state ENABLED \
--execution-role-arn iam_role_arn \
--policy-details file://policyDetails.json

根據使用案例而定，policyDetails.json 中會包含以下其中一項：

VSS 備份


{
    "PolicyType": "EBS_SNAPSHOT_MANAGEMENT",
    "ResourceTypes": [
        "INSTANCE"
    ],
    "TargetTags": [{
        "Key": "tag_key",
        "Value": "tag_value"
    }],
    "Schedules": [{
        "Name": "schedule_name",
        "CreateRule": {
            "CronExpression": "cron_for_creation_frequency", 
            "Scripts": [{ 
                "ExecutionHandler":"AWS_VSS_BACKUP",
                "ExecuteOperationOnScriptFailure":true|false,
                "MaximumRetryCount":retries (0-3)
            }]
        },
        "RetainRule": {
            "Count": retention_count
        }
    }]
}

SAP HANA 備份


{
    "PolicyType": "EBS_SNAPSHOT_MANAGEMENT",
    "ResourceTypes": [
        "INSTANCE"
    ],
    "TargetTags": [{
        "Key": "tag_key",
        "Value": "tag_value"
    }],
    "Schedules": [{
        "Name": "schedule_name",
        "CreateRule": {
            "CronExpression": "cron_for_creation_frequency", 
            "Scripts": [{ 
                "Stages": ["PRE","POST"],
                "ExecutionHandlerService":"AWS_SYSTEMS_MANAGER",
                "ExecutionHandler":"AWSSystemsManagerSAP-CreateDLMSnapshotForSAPHANA",
                "ExecuteOperationOnScriptFailure":true|false,
                "ExecutionTimeout":timeout_in_seconds (10-120), 
                "MaximumRetryCount":retries (0-3)
            }]
        },
        "RetainRule": {
            "Count": retention_count
        }
    }]
}

自訂SSM文件


{
    "PolicyType": "EBS_SNAPSHOT_MANAGEMENT",
    "ResourceTypes": [
        "INSTANCE"
    ],
    "TargetTags": [{
        "Key": "tag_key",
        "Value": "tag_value"
    }],
    "Schedules": [{
        "Name": "schedule_name",
        "CreateRule": {
            "CronExpression": "cron_for_creation_frequency", 
            "Scripts": [{ 
                "Stages": ["PRE","POST"],
                "ExecutionHandlerService":"AWS_SYSTEMS_MANAGER",
                "ExecutionHandler":"ssm_document_name|arn",
                "ExecuteOperationOnScriptFailure":true|false,
                "ExecutionTimeout":timeout_in_seconds (10-120), 
                "MaximumRetryCount":retries (0-3)
            }]
        },
        "RetainRule": {
            "Count": retention_count
        }
    }]
}

Amazon Data Lifecycle Manager VSS 備份的考量事項

使用 Amazon Data Lifecycle Manager，您可以備份和還原在 Amazon EC2執行個體上執行且啟用 VSS（磁碟區影子複製服務）的 Windows 應用程式。如果應用程式有已向 Windows 註冊的VSS寫入器VSS，則 Amazon Data Lifecycle Manager 會建立與該應用程式一致的快照。

注意

Amazon Data Lifecycle Manager 目前EC2僅支援在 Amazon 上執行之資源的應用程式一致性快照，特別是對於可以透過將現有執行個體取代為從備份建立的新執行個體來還原應用程式資料的備份案例。備份不支援所有執行個體類型或應用程式VSS。如需詳細資訊，請參閱 Amazon 使用者指南中的什麼是 AWS VSS？。 EC2

不支援的執行個體類型

VSS 備份不支援下列 Amazon EC2執行個體類型。如果您的政策以其中一個執行個體類型為目標，Amazon Data Lifecycle Manager 可能仍會建立VSS備份，但快照可能不會標記必要的系統標籤。如果沒有這些標籤，Amazon Data Lifecycle Manager 建立快照後將不會管理快照。您可能須手動刪除這些快照。

T3：t3.nano | t3.micro
T3a：t3a.nano | t3a.micro
T2：t2.nano | t2.micro

應用程式一致快照的共同責任

您必須確保：

SSM 代理程式已安裝 up-to-date，並在目標執行個體上執行
Systems Manager 具有在目標執行個體上執行必要動作的許可
Amazon Data Lifecycle Manager 具有在目標執行個體上執行前置和後置指令碼所需的 Systems Manager 動作執行許可。
對於自訂工作負載，例如自我管理的 My SQL、Postgre SQL或 InterSystems IRIS資料庫，您使用SSM的文件包含凍結、排清和解凍資料庫組態的正確和必要動作。
快照建立時間與工作負載排程一致。例如，嘗試在排定的維護時段時段排程快照建立作業。

Amazon Data Lifecycle Manager 需確保：

快照建立作業會在排定快照建立時間的 60 分鐘內起始。
快照建立作業起始之前會執行前置指令碼。
後置指令碼會在前置指令碼成功且快照建立作業已起始之後執行。只有在前置指令碼成功時，Amazon Data Lifecycle Manager 才會執行後置指令碼。如果前置指令碼失敗，Amazon Data Lifecycle Manager 將不會執行後置指令碼。
建立快照時會使用適當的標籤來標記快照。
CloudWatch 指標和事件會在啟動指令碼，以及失敗或成功時發出。

您的瀏覽器已停用或無法使用 Javascript。

您必須啟用 Javascript，才能使用 AWS 文件。請參閱您的瀏覽器說明頁以取得說明。

文件慣用形式

建立快照的自訂政策

前置和後置指令碼的其他使用案例

使用 Data Lifecycle Manager 自動化應用程式一致性快照

主題

使用前置和後置指令碼的需求

開始使用應用程式一致快照

準備備份的目標執行個體 VSS

準備備份的目標執行個體 SAP HANA

準備目標執行個體自訂SSM文件

注意

注意下列事項：

若要建立SSM命令文件

重要

若要建立SSM命令文件

注意

重要

將受管政策連接至自訂角色

將受管政策連接至自訂角色

建立快照生命週期政策

注意

注意

注意

建立快照生命週期政策

Amazon Data Lifecycle Manager VSS 備份的考量事項

注意

不支援的執行個體類型

應用程式一致快照的共同責任

您必須確保：

Amazon Data Lifecycle Manager 需確保：