Getting started 3: Create a scheduled backup - AWS Backup

Getting started 3: Create a scheduled backup

In this step of the AWS Backup tutorial, you create a backup plan, assign resources to it, and then create a backup vault.

Before you begin, ensure that you have the required prerequisites. For more information, see Getting started with AWS Backup.

Step 1: Create a backup plan by modifying an existing one

A backup plan is a policy expression that defines when and how you want to back up your AWS resources, such as Amazon DynamoDB tables or Amazon Elastic File System (Amazon EFS) file systems. You assign resources to backup plans, and AWS Backup then automatically backs up and retains backups for those resources according to the backup plan. For more information, see Managing backups using backup plans.

There are two ways to create a new backup plan: You can build one from scratch or build one based on an existing backup plan. This example uses the AWS Backup console to create a backup plan by modifying an existing backup plan.

To create a backup plan from an existing one

  1. Sign in to the AWS Management Console, and open the AWS Backup console at

  2. From the dashboard, choose Manage Backup plans. Or, using the navigation pane, choose Backup plans and choose Create Backup plan.

  3. Choose Start with template, choose a plan from the list (for example, Daily-Monthly-1yr-Retention), and enter a name in the Backup plan name box.


    If you try to create a backup plan that is identical to an existing plan, you get an AlreadyExistsException error.

  4. On the plan summary page, choose the backup rule you want and then choose Edit.

  5. Review and choose the values that you want for your rule. For example, you can extend the retention period of the backup in the Monthly rule to three years instead of one year. If your plan includes Amazon EFS backups, you can configure lifecycle policies that automatically transition these backups from warm storage to cold storage according to a schedule that you define.

  6. For the backup vault, choose Default or choose Create new Backup vault to create a new vault.

  7. (Optional)- choose an AWS Region from the list in Destination region to copy the backup to different Region. To add more Regions, choose Add copy.

  8. When you have finished editing the rule, choose Save Backup rule.

On the Summary page, choose Assign resources to prepare for the next section.

Step 2: Assign resources to a backup plan

To apply backup plans to your AWS resources, you choose a backup plan and assign resources to it by using tags or listing the resource IDs directly. For more information about resources, see Assigning resources to a backup plan.


If you are protecting more than 100 resources in a plan, we recommend that you use tag-based management.

If you don’t already have existing AWS resources that you want to assign to a backup plan, create some new resources to use for this exercise. You can create multiple resources from several or all of the supported AWS resources and third-party applications.


To assign resources by tags, you must apply tags to your resources. For example, you might want to tag all of the resources for this exercise with the key-value pair of BackupPlan:MissionCritical.

To assign resources to a backup plan

  1. On the AWS Backup console dashboard, choose Manage Backup plans. Or, using the navigation pane, choose Backup plans.

  2. Choose a plan from the list; for example, Daily-Monthly-1yr-Retention.

  3. On the plan summary page, choose Assign resources.

  4. In the Resource assignment name field, choose a name for the resource assignment.

    For example, you can name your resource selection, ApplicationFoo. You can then assign all the AWS resources used for this application, which might be a mix of Amazon EBS volumes, Amazon EFS file systems, and Amazon RDS tables.

  5. Under IAM role, choose Default role.


    If the AWS Backup default role is not present in your account, a role is created for you with the correct permissions.

    If you choose a role other than the Default role make sure that your custom role has the necessary permissions to back up all tagged resources. For more information, see Assigning resources to a backup plan.

  6. In the Assign resources section, ensure that the Assign by control displays Tags. Enter a key and value that your resources are tagged with; for example, BackupPlan:MissionCritical. Choose Add assignment to add all resources that are tagged with your chosen key-value pair.


    When creating a tag-based backup plan, if you choose a role other than Default role, make sure that it has the necessary permissions to back up all tagged resources. AWS Backup tries to process all resources with the selected tags. If it encounters a resource that it doesn't have permission to access, the backup plan fails.

    Any supported resource in the selected Region that is tagged with this key-value pair is automatically assigned to this backup plan.

  7. When a new Assign by control appears below your first resource assignment, change the value to Resource ID.

  8. Choose the resource type that you want to add to your selection, for example, EBS. Place your cursor in the Volume ID field, and the available resources for this type will appear.

  9. Choose a resource from the list, and then choose Add assignment.

  10. When you have finished adding resources, choose Assign resources.

You then return to the plan summary page, which contains information about your backup plan, your backup rules, your resource assignments, and any backup plan tags.

Step 3: Create a backup vault

Instead of using the default backup vault that is automatically created for you on the AWS Backup console, you can create specific backup vaults to save and organize groups of backups in the same vault.

For more information about backup vaults, see Working with backup vaults.

To create a backup vault

  1. On the AWS Backup console, in the navigation pane, choose Backup vaults.


    If the navigation pane is not visible on the left side, you can open it by choosing the menu icon in the upper-left corner of the AWS Backup console.

  2. Choose Create backup vault.

  3. Enter a name for your backup vault. You can name your vault to reflect what you will store in it, or to make it easier to search for the backups you need. For example, you could name it FinancialBackups.

  4. Select an AWS Key Management Service (AWS KMS) key. You can use either a key that you already created, or select the default AWS Backup KMS key.


    The AWS KMS key that is specified here applies only to backups of services that support AWS Backup encryption. Currently only Amazon Elastic File System (Amazon EFS) is supported.

  5. Optionally, add tags that will help you search for and identify your backup vault. For example, you could add a BackupType:Financial tag.

  6. Choose Create Backup vault.

  7. In the navigation pane, choose Backup vaults, and verify that your backup vault has been added.


You can now edit a backup rule in one of your backup plans to store backups created by that rule in the backup vault you just created.

Next steps

To back up Amazon EFS file systems specifically, proceed to Getting started 4: Create Amazon EFS automatic backups.