Troubleshooting AWS Backup - AWS Backup

Troubleshooting AWS Backup

When you use AWS Backup, you might encounter issues. The following sections can help you troubleshoot some common issues that might occur.

For general questions about AWS Backup, see the AWS Backup FAQ. You can also search for answers and post questions in the AWS Backup forum.

Troubleshooting general issues

When you back up and restore resources, you not only need permission to use AWS Backup, you must also have permission to access the resources that you want to protect. The easiest way to have the proper permissions is to choose the Default role when you assign resources to a backup plan. For more information about access control using AWS Identity and Access Management (IAM) with AWS Backup, see Access control.

If you run into issues with backing up and restoring a particular resource type, it can be helpful to review the backup and restore troubleshooting topic for that resource. For more information, see the links under How AWS Backup works with supported AWS services.

If AWS Backup fails to create or delete a resource, you can learn more about the issue by using AWS CloudTrail to view error messages or logs. For more information about using CloudTrail with AWS Backup, see Logging AWS Backup API calls with CloudTrail.

Troubleshooting creating resources

The following information can help you troubleshoot problems with creating backups.

  • In general, AWS database services cannot start backups 1 hour before or during their maintenance window or automatic backup window. Amazon FSx cannot start backups 4 hours before or during the maintenance window or automatic backup window. Snapshot backups scheduled during those times will fail. One exception: when you opt in to using AWS Backup for both snapshot and continuous backups for a supported service, you no longer need to worry about those windows because AWS Backup will schedule them for you. See Point-in-Time Recovery for a list of supported services and instructions on how to use AWS Backup to take continuous backups.

  • Creating backups for DynamoDB tables will fail while tables are being created. Creating a DynamoDB table typically takes a couple of minutes.

  • Backing up Amazon EFS file systems can take up to 7 days when the file systems are very large. Only one concurrent backup at a time can be queued for an Amazon EFS file system. If a subsequent backup is queued while a previous one is still in progress, the backup window can expire and no backup is created.

  • Amazon EBS has a soft quota of 100,000 backups per AWS Region per account, and additional backups fail when this quota is reached. If you reach this quota, you can delete excess backups or request a quota increase. For more information about requesting a quota increase, see AWS Service Quotas.

  • When creating Amazon RDS backups, consider the following:

    • If you do not use AWS Backup to manage both Amazon RDS snapshots and continuous backups with point-in-time recovery, your backups will fail if initiated if scheduled or made on-demand during the daily, user-configurable 30-minute backup window. For more information about automated Amazon RDS backups, see Working With Backups in the Amazon RDS User Guide. You can avoid this limitation by using AWS Backup to manage both Amazon RDS snapshots and continuous backups with point-in-time recovery.

    • If you initiate a backup job from the Amazon RDS console, this can conflict with an Aurora clusters backup job, causing the error Backup job expired before completion. If this occurs, configure a longer backup window in AWS Backup.

    • You cannot specify RDS options when using AWS Backup to make a backup copy. If you get an error such as "The snapshot requires a target option group with the following options: Timezone..." you must remove the option or instead use the Amazon RDS console or API to initiate the copy.

Troubleshooting deleting resources

Recovery points that are created by AWS Backup cannot be deleted in the console window of the protected resource. You can delete them on the AWS Backup console by selecting them in the vault where they are stored and then choosing Delete.

To delete a recovery point or a backup vault, you need the appropriate permissions. For more information about access control using IAM with AWS Backup, see Access control.

Troubleshooting restoring resources

Restoring using API

To restore a backup programmatically, use the StartRestoreJob API operation.

To get the configuration metadata that your backup was created with, you can call GetRecoveryPointRestoreMetadata.

See Restoring a backup for more information.

Restoring using the Console