Continuous backups and point-in-time restore (PITR) - AWS Backup
Supported servicesFinding a continuous backupRestoring a continuous backupStopping or deleting continuous backupsCopying continuous backupsChanging your retention periodRemoving the only continuous backup rule from a backup planOverlapping continuous backups on the same resourcePoint-in-time recovery considerations

Continuous backups and point-in-time restore (PITR)

For some resources, AWS Backup supports continuous backups and point-in-time recovery (PITR) in addition to snapshot backups.

With continuous backups, you can restore your AWS Backup-supported resource by rewinding it back to a specific time that you choose, within 1 second of precision (going back a maximum of 35 days). Continuous backup works by first creating a full backup of your resource, and then constantly backing up your resource’s transaction logs. PITR restore works by accessing your full backup and replaying the transaction log to the time that you tell AWS Backup to recover.

Alternatively, snapshot backups can be taken as frequently as every hour. Snapshot backups can be stored for up to a maximum of 100 years. Snapshots can by copied for full or incremental backups.

Because continuous and snapshot backups offer different advantages, we recommend that you protect your resources with both continuous and snapshot backup rules.

An on-demand backup begins to back up your resource immediately. You can choose an on-demand backup if you wish to create a backup at a time other than the scheduled time defined in a backup plan. An on-demand backup can be used, for example, to test backup and functionality at any time.

You can't use on-demand backups with point-in-time restore (PITR), because an on-demand backup preserves resources in the state they are in when the backup is taken, while PITR uses continuous backups, which record changes over a period of time.

You can opt in to continuous backups for supported resources when you create a backup plan in AWS Backup using the AWS Backup console or the API. The continuous backup plan creates one continuous recovery point and updates that recovery point whenever the job runs.

Supported services for continuous backup / point in time restore (PITR)

AWS Backup supports continuous backups and point-in-time recovery for the following services and applications:

Amazon S3

To turn on PITR for S3 backups, continuous backups need to part of the backup plan.

While this original backup of the source bucket can have PITR active, cross-Region or cross-account destination copies will not have PITR, and restoring from these copies will restore to the time they were created (the copies will be snapshot copies) instead of restoring to a specified point in time.

RDS

Backup schedules: When an AWS Backup plan creates both Amazon RDS snapshots and continuous backups, AWS Backup will intelligently schedule your backup windows to coordinate with the Amazon RDS maintenance window to prevent conflicts. To further prevent conflicts, manual configuration of the Amazon RDS automated backup window is unavailable. RDS takes snapshots once per day regardless if a backup plan has a frequency for snapshot backups other than once per day.

Settings: After you apply an AWS Backup continuous backup rule to an Amazon RDS instance, you can't create or modify continuous backup settings to that instance in Amazon RDS; modifications must be done through the AWS Backup console or the AWS Backup CLI.

Transition control of continuous backup for an Amazon RDS instance back to Amazon RDS:

Console

  1. Open the AWS Backup console at https://console.aws.amazon.com/backup.

  2. In the navigation pane, choose Backup plans.

  3. Delete all the Amazon RDS backup plans with continuous backup protecting that resource.

  4. Choose Backup vaults. Delete the continuous backup recovery point from your backup vault. Or, wait for their retention period to elapse, causing AWS Backup to automatically delete the recovery point.

After you complete these steps, AWS Backup will transition continuous backup control of your resource back to Amazon RDS.

AWS CLI

Call the DisassociateRecoveryPoint API operation.

To learn more, see DisassociateRecoveryPoint.
IAM permissions required for Amazon RDS continuous backups

  • To use AWS Backup to configure continuous backups for your Amazon RDS database, verify that the API permission rds:ModifyDBInstance exists in the IAM role defined by your backup plan configuration. To restore Amazon RDS continuous backups, you must add the permission rds:RestoreDBInstanceToPointInTime to the IAM role that you submitted for the restore job. You can use the AWS Backup default service role to perform backups and restores.

  • To describe the range of times available for point-in-time recovery, AWS Backup calls rds:DescribeDBInstanceAutomatedBackups. In the AWS Backup console, you must have the rds:DescribeDBInstanceAutomatedBackups API permission in your AWS Identity and Access Management (IAM) managed policy. You can use the AWSBackupFullAccess or AWSBackupOperatorAccess managed policies. Both policies have all required permissions. For more information, see Managed Policies.

Retention periods: When you change your PITR retention period, AWS Backup calls ModifyDBInstance and applies that change immediately. If you have other configuration updates pending the next maintenance window, changing your PITR retention period will also apply those configuration updates immediately. For more information, see ModifyDBInstance in the Amazon Relational Database Service API Reference.

Copies of Amazon RDS continuous backups:

  • Incremental snapshot copy jobs process faster than full snapshot copy jobs. Keeping a previous snapshot copy until the new copy job is complete may reduce the copy job duration. If you choose to copy snapshots from RDS database instances, it is important to note that deleting previous copies first will cause full snapshot copies to be made (instead of incremental). For more information on optimizing copying, see Incremental snapshot copying in the Amazon RDS User Guide

  • Creating copies of Amazon RDS continuous backups — You can't create copies of Amazon RDS continuous backups because AWS Backup for Amazon RDS does not allow copying transaction logs. Instead, AWS Backup creates a snapshot and copies it with the frequency specified in the backup plan.

Restores: You can perform a point-in-time restore using either AWS Backup or Amazon RDS. For AWS Backup console instructions, see Restoring an Amazon RDS Database. For Amazon RDS instructions, see Restoring a DB Instance to a specified time in the Amazon RDS User Guide.

Tip

A multi AZ (availability zone) database instance set to Always On should not have a backup retention set to zero. If errors occur, use AWS CLI command disassociate-recovery-point instead of delete-recovery-point, then change the retention setting to 1 in your Amazon RDS settings.

For general information about working with Amazon RDS, see the Amazon RDS User Guide.

Aurora

To enable continuous backup of your Aurora resources, see the steps in the first section of this page.

The procedure to restore an Aurora cluster to a point in time is a variation of the steps to restore a snapshot of an aurora cluster.

When you conduct a point in time restore, the console displays a restore time section. See Restoring a continuous backup further down on this page in Working with Continuous backups.

SAP HANA on Amazon EC2 instances

You can make continuous backups , which can be used with point-in-time restore (PITR) (note that on-demand backups preserve resources in the state in which they are taken; whereas PITR uses continuous backups which record changes over a period of time).

With continuous backups, you can restore your SAP HANA database on an EC2 instance by rewinding it back to a specific time that you choose, within 1 second of precision (going back a maximum of 35 days). Continuous backup works by first creating a full backup of your resource, and then constantly backing up your resource’s transaction logs. PITR restore works by accessing your full backup and replaying the transaction log to the time that you tell AWS Backup to recover.

You can opt in to continuous backups when you create a backup plan in AWS Backup using the AWS Backup console or the API.

To enable continuous backups using the console

  1. Sign in to the AWS Management Console, and open the AWS Backup console at https://console.aws.amazon.com/backup.

  2. In the navigation pane, choose Backup plans, and then choose Create Backup plan.

  3. Under Backup rules, choose Add Backup rule.

  4. In the Backup rule configuration section, select Enable continuous backups for supported resources.

After you disable PITR (point-in-time restore) for SAP HANA database backups, logs will continue to be sent to AWS Backup until the recovery point expires (status equals EXPIRED). You can change to an alternative log backup location in SAP HANA to stop the transmission of logs to AWS Backup.

A continuous recovery point with a status of STOPPED indicates that a continuous recovery point has been interrupted; that is, the logs transmitted from SAP HANA to AWS Backup that show the incremental changes to a database have a gap. The recovery points that occur within this timeframe gap have a status of STOPPED..

For issues you may encounter during restore jobs of continuous backups (recovery points), see the SAP HANA Restore troubleshooting section of this guide.

Finding a continuous backup

You can use the AWS Backup console to find your continuous backup.

To find a continuous backup using the AWS Backup console

  1. Open the AWS Backup console at https://console.aws.amazon.com/backup.

  2. In the navigation pane, choose Backup vaults, and then choose your backup vault in the list.

  3. In the Backups section, in the Backup type column, sort for Continuous recovery points. You can also sort by Recovery point ID for the prefix continuous.

Restoring a continuous backup

To restore a continuous backup using the AWS Backup console

  • During the PITR restore process, the AWS Backup console displays a Restore time section. In this section, do one of the following:

    • Choose to restore to the Latest restorable time.

    • Choose Specify date and time to enter your own date and time within your retention period.

To restore a continuous backup using the AWS Backup API

  1. For Amazon S3 see Use the AWS Backup API, CLI, or SDK to restore S3 recovery points.

  2. For Amazon RDS see Use the AWS Backup API, CLI, or SDK to restore Amazon RDS recovery points.

Stopping or deleting continuous backups

You can stop the creation of continuous backups or you can delete specific backups (point-in-time-recovery or PITR points).

If you want to stop continuous backups, you must delete the continuous backup rule from your backup plan. If you wish to stop continuous backups for one or more resources but not for all resources, create a new backup plan with the continuous backup rule for those resources you still want to be continuously backed up. If instead you only delete a continuous backup recovery point from your backup vault, your backup plan will still continue to execute the continuous backup rule, creating a new recovery point.

However, even after you delete your continuous backup rule, AWS Backup remembers the retention period from your now-deleted backup rule. It will automatically delete your continuous backup recovery point from your backup vault based on your specified retention period.

When deleting Amazon RDS recovery points, consider:

  • A multi AZ (availability zone) database instance set to Always On should not have a backup retention set to zero. If errors occur, use AWS CLI command disassociate-recovery-point instead of delete-recovery-point, then change the retention setting to 1 in your Amazon RDS settings.

  • When a point-in-time recovery point (a backup created by continuous backup) for Amazon RDS is deleted, a database reboot is triggered and the binary logs are disabled. For further detail see Backup retention period in the Amazon RDS User Guide.

When deleting Aurora recovery points, consider:

If this is selected for an Amazon Aurora recovery point, AWS Backup sets the retention period to 1 day. Aurora backups cannot be completely deleted until the source cluster has also been deleted.

Copying continuous backups

If a continuous backup rule also specifies a cross-account or cross-Region copy, AWS Backup takes a snapshot of the continuous backup and copies that snapshot to the destination vault. To learn more about copying your recovery points across accounts and Regions, see Copying a backup .

Continuous backups create a periodic backups in accordance with the frequency set in the backup plan rule in the destination account and/or Region.

AWS Backup does not support on-demand copies of continuous backups.

Changing your retention period

You can use AWS Backup to increase or decrease the retention period for your existing continuous backup rule. The minimum retention period is 1 day. The maximum retention period is 35 days.

If you increase your retention period, the effect is immediate. If you decrease your retention period, AWS Backup will wait until enough time passes before applying the change to protect against data loss. For example, if you decrease your retention period from 35 days to 20, AWS Backup will continue to preserve 35 days of continuous backup until 15 days have passed. This design protects your last 15 days of backups at the time you made the change.

Removing the only continuous backup rule from a backup plan

When you create a backup plan with a continuous backup rule and then you remove that rule, AWS Backup remembers the retention period from your now-deleted rule. It will delete the continuous backup from your backup vault when the retention period elapses.

Overlapping continuous backups on the same resource

In general, you should protect each resource with no more than one continuous backup rule. This is because additional continuous backups are redundant. However, as you scale up your backup estate, it is possible for multiple backup plans, rules, and vaults to overlap on a single resource. AWS Backup handles these overlaps as follows.

If you include the same resource in more than one backup plan with a continuous backup rule, AWS Backup will only create a continuous backup for the first backup plan it evaluates. It will create snapshot backups for all of the other backup plans.

If you include multiple continuous backup rules in a single backup plan:

  • If your rules point to the same backup vault, AWS Backup only creates a continuous backup for the rule with the longest retention period. It disregards all other rules.

  • If your rules point to different backup vaults, AWS Backup rejects the plan as not valid.

Point-in-time recovery considerations

Be aware of the following considerations for point-in-time recovery:

  • Automatic fallback to snapshots — If AWS Backup is unable to perform a continuous backup, it tries to perform a snapshot backup instead.

  • No support for on-demand continuous backups — AWS Backup doesn't support on-demand continuous backup because on-demand backup records a point in time, whereas continuous backup records changes over a period of time.

  • No support for transition to cold storage — Continuous backups don't support transition to cold storage because transition to cold requires a minimum transition period of 90 days, whereas continuous backups have a maximum retention period of 35 days.

  • Restoring recent activity — Amazon RDS activity allows restores up until the most recent 5 minutes of activity; Amazon S3 allows restores up until the most recent 15 minutes of activity.