AWS Backup
Developer Guide

Step 1: Create a Scheduled Backup

In the first step of this AWS Backup tutorial, you create a backup plan, assign resources to it, and then create a backup vault.

Before you begin, ensure that you have the required prerequisites. For more information, see Getting Started with AWS Backup.

Create a Backup Plan by Modifying an Existing One

A backup plan is a policy expression that defines when and how you want to back up your AWS resources, such as Amazon DynamoDB tables or Amazon Elastic File System (Amazon EFS) file systems. You assign resources to backup plans, and AWS Backup then automatically backs up and retains backups for those resources according to the backup plan. For more information, see Managing Backups Using Backup Plans.

There are two ways to create a new backup plan: You can build one from scratch or build one based on an existing backup plan. This example uses the AWS Backup console to modify a backup plan supplied by AWS Backup.

To create a backup plan

  1. Sign in to the AWS Management Console, and open the AWS Backup console at https://console.aws.amazon.com/backup.

  2. Choose Start from an existing plan.

  3. Choose a plan from the list; for example, Daily-Monthly-1yr-Retention.

  4. Give your plan a name; for example, BusinessCriticalBackupPlan.

  5. To edit a rule, choose the rule and then choose Edit. Review and choose the values that you want for your rule. For example, you can extend the retention period of the backup in the Monthly rule to three years instead of one year.

  6. For the backup vault, choose Default.

  7. When you have finished editing the rule, choose Create plan.

A summary page appears and gives you the option of assigning resources for your new backup plan. After reviewing the information summary, choose Assign resources to prepare for the next section.

Assign Resources to a Backup Plan

To apply backup plans to your AWS resources, you choose a backup plan and assign resources to it by using tags or listing the resource IDs directly. For more information about resources, see Assigning Resources to a Backup Plan.

If you don’t already have existing AWS resources that you want to assign to a backup plan, create some new resources to use for this exercise. You can create multiple resources from several or all of the supported services. These resources can include Amazon EBS volumes, Amazon RDS instances, DynamoDB tables, Amazon EFS file systems, and AWS Storage Gateway volumes.

Note

To assign resources by tags, you must apply tags to your resources. For example, you might want to tag all of the resources for this exercise with the key-value pair of BackupPlan:MissionCritical.

To assign resources to a backup plan

  1. On the AWS Backup console, choose Create backup plan.

  2. In the Resource assignment name list, choose a name for the resource assignment.

    For example, you can name your resource selection, ApplicationFoo. You can then assign all the AWS resources used for this application, which might be a mix of Amazon EBS volumes, Amazon EFS file systems, and Amazon RDS tables.

  3. Under IAM role, choose Default role.

    Note

    If the AWS Backup default role is not present in your account, one will be created for you with the correct permissions.

    If you choose a role other than Default role, the role name must include either the string AwsBackup or AWSBackup. Role names without one of those strings will not have sufficient permissions to perform the operation.

  4. In the Assign resources section, ensure that the Assign by control displays Tags. Enter a key and value that your resources are tagged with; for example, BackupPlan:MissionCritical. Choose Add assignment to add all resources that are tagged with your chosen key-value pair.

    Any supported resource in the selected Region that is tagged with this key-value pair is automatically assigned to this backup plan.

  5. When a new Assign by control appears below your first resource assignment, change the value to Resource Id.

  6. Choose the resource type that you want to add to your selection, for example, EBS. Choose Volume Id, and note that the control is prepopulated with the available resources of this type.

  7. Choose a resource in the list, and then choose Add assignment.

  8. When you have finished adding resources, choose Assign resources.

You then return to the summary page, which contains information about your backup plan, your backup rules, and your resource assignments.

Create a Backup Vault

Instead of using the default backup vault that is automatically created for you on the AWS Backup console, you can create specific backup vaults to save and organize groups of backups in the same vault.

For more information about backup vaults, see Organizing Backups Using Backup Vaults.

To create a backup vault

  1. On the AWS Backup console, in the navigation pane, choose Backup vaults.

    Note

    If the navigation pane is not visible on the left side, you can open it by choosing the menu icon in the upper-left corner of the AWS Backup console.

  2. Choose Create backup vault.

  3. Enter a name for your backup vault. You can name your vault to reflect what you will store in it, or to make it easier to search for the backups you need. For example, you could name it FinancialBackups.

  4. Select an AWS KMS key. You can use either a key that you already created, or the default AWS Backup master key.

    Note

    The AWS KMS key that is specified here applies only to backups of services that support AWS Backup encryption. Currently only Amazon Elastic File System (Amazon EFS) is supported.

  5. Optionally, add tags that will help you search for and identify your backup vault. For example, you could add a BackupType:Financial tag.

  6. Choose Create backup vault.

  7. In the navigation pane, choose Backup vaults, and verify that your backup vault has been added.

Note

You can now edit a backup rule to store backups that are created by the rule in the backup vault you just created.

Next Steps

To create an on-demand backup of a resource, proceed to Step 2: Create an On-Demand Backup.