Restoring to a specified time using point-in-time recovery

AWS Backup supports continuous backups and point-in-time recovery (PITR) in addition to snapshot backups. With continuous backups, you can restore your AWS Backup-supported resource by rewinding it back to a specific time that you choose, within 1 second of precision (going back a maximum of 35 days). Compare that with snapshot backups, which you can only take as frequently as every hour. You can also store snapshot backups for a maximum of 100 years. Because continuous and snapshot backups offer different advantages, we recommend that you protect your resources with both continuous and snapshot backup rules.

Continuous backup works by first creating a full backup of your resource, and then constantly backing up your resource’s transaction logs. PITR restore works by accessing your full backup and replaying the transaction log to the time that you tell AWS Backup to recover.

You can enable continuous backups when you create a backup plan in AWS Backup using the AWS Backup console or the API.

To enable continuous backups using the console

  1. Sign in to the AWS Management Console, and open the AWS Backup console at https://console.aws.amazon.com/backup.

  2. In the navigation pane, choose Backup plans, and then choose Create Backup plan.

  3. Under Backup rules, choose Add Backup rule.

  4. In the Backup rule configuration section, select Enable continuous backups for supported resources.

Supported services and applications for point-in-time recovery

AWS Backup supports continuous backups and point-in-time recovery for the following services and applications. This section describes resource-specific advantages, limitations, and best practices for using PITR in AWS Backup.

Amazon RDS

Amazon RDS calls its continuous backups "automated backups." AWS Backup calls Amazon RDS continuous backups "continuous backups."

If you use AWS Backup for both Amazon RDS snapshots and continuous backups, AWS Backup will intelligently schedule your backup windows, along with the Amazon RDS maintenance window, to prevent conflicts. You no longer have to manually schedule one backup window hours before another.

Note

AWS Backup currently does not support Amazon Aurora continuous backups. AWS Backup supports Aurora snapshots.

You can't control the Amazon RDS automated backup window. This is because AWS Backup intelligently schedules it for you.

When you change your PITR retention period, AWS Backup calls ModifyDBInstance and applies that change immediately. If you have other configuration updates pending the next maintenance window, changing your PITR retention period will also apply those configuration updates immediately. For more information, see ModifyDBInstance in the Amazon Relational Database Service API Reference.

You can perform a point-in-time recovery using either AWS Backup or Amazon RDS. For AWS Backup console instructions, see Restoring an Amazon RDS Database. For Amazon RDS instructions, see Restoring a DB Instance to a specified time in the Amazon RDS User Guide.

Keep in mind the following when performing a point-in-time recovery:

  • Restoring recent activity — You might not be able to restore the most recent 5 minutes of activity due to how Amazon RDS handles its transaction logs.

  • Creating copies of Amazon RDS continuous backups — You can't create copies of Amazon RDS continuous backups because Amazon RDS does not allow copying transaction logs.

For general information about working with Amazon RDS, see the Amazon RDS User Guide.

Managing continuous backup settings

After you apply an AWS Backup continuous backup rule to an Amazon RDS instance, you can't create or modify continuous backup settings to that instance in Amazon RDS. This limitation exists to prevent conflicts.

To view your continuous backup in Amazon RDS, open your instance details page in the Amazon RDS console, choose Maintenance and backup, and find the Automated backup field.

To transition control of continuous backup for that Amazon RDS instance back to Amazon RDS, you can use the AWS Backup console, AWS CLI, or API.

To transition continuous backup control to Amazon RDS using the AWS Backup console

  1. Open the AWS Backup console at https://console.aws.amazon.com/backup.

  2. In the navigation pane, choose Backup plans.

  3. Delete all the Amazon RDS backup plans with continuous backup protecting that resource.

  4. Choose Backup vaults. Delete the continuous backup recovery point from your backup vault. Or, wait for its retention period to elapse, causing AWS Backup to automatically delete the recovery point.

After you complete these steps, AWS Backup will transition continuous backup control of your resource back to Amazon RDS.

To transition continuous backup control to Amazon RDS using the AWS Backup API or CLI

IAM permissions required for Amazon RDS continuous backups

  • To use AWS Backup to configure continuous backups for your Amazon RDS database, verify that the API permission rds:ModifyDBInstance exists in the IAM role defined by your backup plan configuration. To restore Amazon RDS continuous backups, you must add the permission rds:RestoreDBInstanceToPointInTime to the IAM role that you submitted for the restore job. You can use the AWS Backup default service role to perform backups and restores.

  • To describe the range of times available for point-in-time recovery, AWS Backup calls the rds:DescribeDBInstanceAutomatedBackups API. In the AWS Backup console, you must have the rds:DescribeDBInstanceAutomatedBackups API permission in your AWS Identity and Access Management (IAM) managed policy. You can use the AWSBackupFullAccess or AWSBackupOperatorAccess managed policies. Both policies have all required permissions. For more information, see Managed Policies.

Working with continuous backups

Finding a continuous backup

You can use the AWS Backup console to find your continuous backup.

To find a continuous backup using the AWS Backup console

  1. Open the AWS Backup console at https://console.aws.amazon.com/backup.

  2. In the navigation pane, choose Backup vaults, and then choose your backup vault in the list.

  3. In the Backups section, in the Backup type column, sort for Continuous recovery points. You can also sort by Recovery point ID for the prefix continuous.

Restoring a continuous backup

To restore a continuous backup using the AWS Backup console

  • During the PITR restore process, the AWS Backup console displays a Restore time section. In this section, do one of the following:

    • Choose to restore to the Latest restorable time.

    • Choose Specify date and time to enter your own date and time within your retention period.

To restore a continuous backup using the AWS Backup API

  • Call the StartRestoreJob API operation with the RestoreTime parameter, as in the following example.

    "RestoreTime":"2011-09-07T23:45:00Z"

    You must express RestoreTime in Coordinated Universal Time (UTC). For more information, see RestoreTime.
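The following added example (not part of the original AWS documentation) derives a RestoreTime value for the last whole second before a known incident, such as a destructive change found in a log with a local UTC offset. The function name and the `earliest` and `latest` inputs are hypothetical, and the timestamps are constructed sample values.

```python
from datetime import datetime, timedelta, timezone


def restore_time_before(incident, earliest, latest):
    """Return RestoreTime for the last whole second before `incident`.

    `earliest` and `latest` bound the restorable window (hypothetical
    inputs; take them from the recovery point you are restoring).
    """
    for value in (incident, earliest, latest):
        if value.tzinfo is None:
            # A naive datetime would be read as local time and shift the target.
            raise ValueError("timestamps must carry a UTC offset")
    # PITR has 1-second precision, so drop any sub-second part.
    target = incident.astimezone(timezone.utc).replace(microsecond=0)
    if target == incident:
        target -= timedelta(seconds=1)  # incident fell exactly on a second
    if target < earliest:
        raise ValueError("target is older than the earliest restorable time")
    if target > latest:
        raise ValueError("target is later than the latest restorable time")
    return target.strftime("%Y-%m-%dT%H:%M:%SZ")


# Constructed sample: a destructive change logged at 01:45:01 in UTC+02:00.
INCIDENT = datetime(2011, 9, 8, 1, 45, 1, tzinfo=timezone(timedelta(hours=2)))
EARLIEST = datetime(2011, 8, 10, 0, 0, 0, tzinfo=timezone.utc)
LATEST = datetime(2011, 9, 8, 6, 0, 0, tzinfo=timezone.utc)

if __name__ == "__main__":
    print({"RestoreTime": restore_time_before(INCIDENT, EARLIEST, LATEST)})
```

Rejecting timestamps without an offset prevents a restore that lands hours away from the intended point when the log and the operator's workstation use different time zones.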

Stopping continuous backups

If you want to stop continuous backups, you must delete the continuous backup rule from your backup plan. If, instead, you only delete a continuous backup recovery point from your backup vault, your backup plan will still continue to execute the continuous backup rule, creating a new recovery point.

However, even after you delete your continuous backup rule, AWS Backup remembers the retention period from your now-deleted backup rule. It will automatically delete your continuous backup recovery point from your backup vault based on your specified retention period.

Making copies of continuous backups

If a continuous backup rule also specifies a cross-account or cross-Region copy, AWS Backup takes a snapshot of the continuous backup, copies that snapshot to the destination vault, and then deletes the source snapshot. To learn more about copying your recovery points across accounts and Regions, see Copying a backup.

AWS Backup does not support on-demand copies of continuous backups. AWS Backup does not support copies of Amazon RDS continuous backups because Amazon RDS does not allow copies of its transaction logs.

Changing your retention period

You can use AWS Backup to increase or decrease the retention period for your existing continuous backup rule. The minimum retention period is 1 day. The maximum retention period is 35 days.

If you increase your retention period, the effect is immediate. If you decrease your retention period, AWS Backup will wait until enough time passes before applying the change to protect against data loss. For example, if you decrease your retention period from 35 days to 20, AWS Backup will continue to preserve 35 days of continuous backup until 15 days have passed. This design protects your last 15 days of backups at the time you made the change.

Removing the only continuous backup rule from a backup plan

When you create a backup plan with a continuous backup rule and then you remove that rule, AWS Backup remembers the retention period from your now-deleted rule. It will delete the continuous backup from your backup vault when the retention period elapses.

Overlapping continuous backups on the same resource

In general, you should protect each resource with no more than one continuous backup rule. This is because additional continuous backups are redundant. However, as you scale up your backup estate, it is possible for multiple backup plans, rules, and vaults to overlap on a single resource. AWS Backup handles these overlaps as follows.

If you include the same resource in more than one backup plan with a continuous backup rule, AWS Backup will only create a continuous backup for the first backup plan it evaluates. It will create snapshot backups for all of the other backup plans.

If you include multiple continuous backup rules in a single backup plan:

  • If your rules point to the same backup vault, AWS Backup only creates a continuous backup for the rule with the longest retention period. It disregards all other rules.

  • If your rules point to different backup vaults, AWS Backup rejects the plan as not valid.

Point-in-time recovery considerations

Be aware of the following considerations for point-in-time recovery:

  • Automatic fallback to snapshots — If AWS Backup is unable to perform a continuous backup, it tries to perform a snapshot backup instead.

  • No support for on-demand continuous backups — AWS Backup doesn't support on-demand continuous backup because on-demand backup records a point in time, whereas continuous backup records changes over a period of time.

  • No support for transition to cold storage — Continuous backups don't support transition to cold storage because transition to cold requires a minimum transition period of 90 days, whereas continuous backups have a maximum retention period of 35 days.
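The following added example (not part of the original AWS documentation) checks a backup plan document against the rules described on this page: the 1 to 35 day retention range, the overlap handling for multiple continuous backup rules in one plan, the lack of cold storage transition, and the recommendation to pair continuous rules with snapshot rules. The rule field names follow the AWS Backup backup plan JSON. The function names and the sample plan are constructed for illustration.

```python
def retention_days(rule):
    return rule.get("Lifecycle", {}).get("DeleteAfterDays") or 0


def lint_plan(plan):
    """Return (findings, name of the rule that yields the continuous backup)."""
    findings = []
    rules = plan["Rules"]
    continuous = [r for r in rules if r.get("EnableContinuousBackup")]
    for r in continuous:
        if not 1 <= retention_days(r) <= 35:
            findings.append(f"{r['RuleName']}: retention must be 1 to 35 days")
        if "MoveToColdStorageAfterDays" in r.get("Lifecycle", {}):
            findings.append(f"{r['RuleName']}: no cold storage for continuous backups")
    if continuous and len(continuous) == len(rules):
        findings.append("plan: no snapshot rule alongside the continuous rule")
    vaults = {r["TargetBackupVaultName"] for r in continuous}
    if len(vaults) > 1:
        # Continuous rules in one plan that target different vaults are rejected.
        findings.append("plan: continuous rules use different vaults, plan is not valid")
        return findings, None
    if not continuous:
        return findings, None
    # Same vault: only the rule with the longest retention takes effect.
    winner = max(continuous, key=retention_days)
    for r in continuous:
        if r is not winner:
            findings.append(f"{r['RuleName']}: disregarded, {winner['RuleName']} retains longer")
    return findings, winner["RuleName"]


# Constructed sample plan (not from the page).
SAMPLE_PLAN = {
    "BackupPlanName": "example-plan",
    "Rules": [
        {"RuleName": "pitr-7d", "TargetBackupVaultName": "vault-a",
         "EnableContinuousBackup": True, "Lifecycle": {"DeleteAfterDays": 7}},
        {"RuleName": "pitr-35d", "TargetBackupVaultName": "vault-a",
         "EnableContinuousBackup": True,
         "Lifecycle": {"DeleteAfterDays": 35, "MoveToColdStorageAfterDays": 30}},
        {"RuleName": "daily-snap", "TargetBackupVaultName": "vault-a",
         "Lifecycle": {"DeleteAfterDays": 365}},
    ],
}

if __name__ == "__main__":
    for line in lint_plan(SAMPLE_PLAN)[0]:
        print(line)
```

Running a check like this before deploying a plan shows when a rule you expect to provide point-in-time recovery would be disregarded.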