Creating backup copies across AWS Regions - AWS Backup

Creating backup copies across AWS Regions

Using AWS Backup, you can copy backups to multiple AWS Regions on demand or automatically as part of a scheduled backup plan. Cross-Region replication is particularly valuable if you have business continuity or compliance requirements to store backups a minimum distance away from your production data. For a video tutorial, see Managing cross-Region copies of backups.

When you copy a backup to a new AWS Region for the first time, AWS Backup copies the backup in full. If a service supports incremental backups, subsequent copies of that backup in the same AWS Region will be incremental. AWS Backup will re-encrypt your copy using the customer managed key of your destination vault.

You can use AWS Backup to copy your backups for all supported, defining different backup plans in different Regions, subject to the following limitations:

  • DynamoDB does not support cross-Region backup.

  • Amazon RDS and Aurora support cross-Region backup, or cross-account backup, but not both in the same backup plan. You can use a AWS Lambda script to accomplish both. Also, copying Amazon RDS custom option groups across AWS Regions is not supported.

  • Amazon EFS supports cross-Region copy at the plan level. To apply a different copy rule to a subset of file systems, create a new plan.

Cross-Region backup is available in all AWS Regions where AWS Backup is available except for Asia Pacific (Hong Kong), Middle East (Bahrain), Europe (Milan), and Africa (Cape Town).

Performing on-demand cross-Region backup

To copy an existing backup on-demand

  1. Open the AWS Backup console at https://console.aws.amazon.com/backup.

  2. Choose Backup vaults.

  3. Choose a vault and choose a recovery point from the vault.

  4. Choose the Copy button.

  5. Enter the following values:

    Destination Region

    Choose the destination AWS Region for the copy. You can add a new copy rule per copy to a new destination.

    Note

    Copying Amazon DynamoDB tables across AWS Regions is not supported.

    (Advanced settings) Backup vault

    Choose the destination backup vault for the copy.

    (Advanced settings) IAM role

    Choose the IAM role that AWS Backup will use when creating the copy. The role must also have AWS Backup listed as a trusted entity, which enables AWS Backup to assume the role. If you choose Default and the AWS Backup default role is not present in your account, one will be created for you with the correct permissions.

    (Advanced settings) Lifecycle

    Choose when to transition the backup copy to cold storage and when to expire (delete) the copy. Backups transitioned to cold storage must be stored in cold storage for a minimum of 90 days. This value cannot be changed after a copy has transitioned to cold storage.

    Currently only Amazon EFS file system backups can be transitioned to cold storage. The cold storage expression is ignored for the backups of Amazon Elastic Block Store (Amazon EBS), Amazon Relational Database Service (Amazon RDS), Amazon Aurora, Amazon DynamoDB, and Storage Gateway.

    Expire specifies the number of days after creation that the copy is deleted. This value must be greater than 90 days beyond the Transition to cold storage value.

  6. Choose Create backup copy.

Scheduling cross-Region backup

You can use a scheduled backup plan to copy backups across AWS Region.

To copy a backup using a scheduled backup plan

  1. Open the AWS Backup console at https://console.aws.amazon.com/backup.

  2. In My account, choose Backup plans, and then choose Create Backup plan.

  3. On the Create Backup plan page, choose Build a new plan.

  4. For Backup plan name, enter a name for your backup plan.

  5. In the Backup rule configuration section, add a backup rule that defines a backup schedule, backup window, and lifecycle rules. You can add more backup rules later.

    For Rule name, enter a name for your rule.

  6. In the Schedule section under Frequency, choose how often you want the backup to be taken.

  7. For Backup window, choose Use backup window defaults (recommended). You can customize the backup window.

  8. For Backup vault, choose a vault from the list. Recovery points for this backup will be saved in this vault. You can create a new backup vault.

  9. In the Generate copy - optional section, enter the following values:

    Destination Region

    Choose the destination AWS Region for your backup copy. Your backup will be copied to this Region. You can add a new copy rule per copy to a new destination.

    Note

    Copying Amazon DynamoDB tables across AWS Regions is not supported.

    Copy to another account's vault

    Do not toggle this option. To learn more about cross-account copy, see Creating backup copies across AWS accounts

    Destination Backup Vault

    Choose the backup vault in the destination Region where AWS Backup will copy your backup.

    If you would like to create a new backup vault for cross-Region copy, choose Create new Backup vault. Enter the information in the wizard. Then choose Create Backup vault.

  10. Choose Create plan.