What Is AWS Backup? - AWS Backup

What Is AWS Backup?

AWS Backup is a fully managed backup service that makes it easy to centralize and automate the backup of data across AWS services in the cloud and on premises. Using AWS Backup, you can configure backup policies and monitor backup activity for your AWS resources in one place. AWS Backup automates and consolidates backup tasks that were previously performed service-by-service, and removes the need to create custom scripts and manual processes. With just a few clicks on the AWS Backup console, you can create backup policies that automate backup schedules and retention management.

AWS Backup provides a fully managed backup service and a policy-based backup solution that simplifies your backup management and enables you to meet your business and regulatory backup compliance requirements.

Supported resources

The following are AWS resources that you can back up and restore using AWS Backup.

Supported Service Supported Resource
Amazon FSx Amazon FSx file systems
Amazon Elastic File System (Amazon EFS) Amazon EFS file systems
Amazon DynamoDB DynamoDB tables
Amazon Elastic Compute Cloud (Amazon EC2) Amazon EC2 instances (excluding store-backed instances)
Amazon Elastic Block Store (Amazon EBS) Amazon EBS volumes
Amazon Relational Database Service (Amazon RDS) Amazon RDS databases (including all database engines)
Amazon Aurora Aurora clusters
AWS Storage Gateway (Volume Gateway) AWS Storage Gateway volumes

Supported features

Generally, AWS Backup offers the following features across all supported services.

AWS Backup ONLY offers the following feature with these select services.

AWS Backup does NOT offer the following feature-service combinations.

  • DynamoDB does not support cross-Region OR cross-account backup

  • Amazon RDS and Aurora do not support cross-Region AND cross-account backup in the same backup policy. You can choose one or the other. You can also use a custom AWS Lambda script to perform the second operation.

AWS Backup overview

AWS Backup provides the following features and capabilities.

Centralized backup management

AWS Backup provides a centralized backup console, a set of backup APIs, and the AWS Command Line Interface (AWS CLI) to manage backups across the AWS services that your applications use. With AWS Backup, you can centrally manage backup policies that meet your backup requirements. You can then apply them to your AWS resources across AWS services, enabling you to back up your application data in a consistent and compliant manner. The AWS Backup centralized backup console offers a consolidated view of your backups and backup activity logs, making it easier to audit your backups and ensure compliance.

Policy-based backup

With AWS Backup, you can create backup policies known as backup plans. Use these backup plans to define your backup requirements and then apply them to the AWS resources that you want to protect across the AWS services that you use. You can create separate backup plans that each meet specific business and regulatory compliance requirements. This helps ensure that each AWS resource is backed up according to your requirements. Backup plans make it easy to enforce your backup strategy across your organization and across your applications in a scalable manner.

Tag-based backup policies

You can use AWS Backup to apply backup plans to your AWS resources by tagging them. Tagging makes it easier to implement your backup strategy across all your applications and to ensure that all your AWS resources are backed up and protected. AWS tags are a great way to organize and classify your AWS resources. Integration with AWS tags enables you to quickly apply a backup plan to a group of AWS resources, so that they are backed up in a consistent and compliant manner.

Lifecycle management policies

AWS Backup enables you to meet compliance requirements while minimizing backup storage costs by storing backups in a low-cost cold storage tier. You can configure lifecycle policies that automatically transition backups from warm storage to cold storage according to a schedule that you define.

Currently only Amazon EFS file system backups can be transitioned to cold storage. The cold storage expression is ignored for the backups of Amazon EBS, Amazon RDS, Amazon Aurora, Amazon DynamoDB, and AWS Storage Gateway.

Cross-Region backup

Using AWS Backup, you can copy backups to multiple different AWS Regions on demand or automatically as part of a scheduled backup plan. Cross-Region backup is particularly valuable if you have business continuity or compliance requirements to store backups a minimum distance away from your production data. For more information, see Creating backup copies across AWS Regions.

Cross-account management and cross-account backup

You can use AWS Backup to manage your backups across all AWS accounts inside your AWS Organizations structure. With cross-account management, you can automatically use backup policies to apply backup plans across the AWS accounts within your organization. This makes compliance and data protection efficient at scale and reduces operational overhead. It also helps eliminate manually duplicating backup plans across individual accounts. For more information, see Managing AWS Backup resources across multiple AWS accounts.

You can also copy backups to multiple different AWS accounts inside your AWS Organizations management structure. This way, you can "fan in" backups to a single repository account, then "fan out" backups for greater resilience. Creating backup copies across AWS accounts.

Before you can use the cross-account management and cross-account backup features, you must have an existing organization structure configured in AWS Organizations. An organizational unit (OU) is a group of accounts that can be managed as a single entity. AWS Organizations is a list of accounts that can be grouped into organizational units and managed as a single entity.

Backup activity monitoring

AWS Backup provides a dashboard that makes it simple to audit backup and restore activity across AWS services. With just a few clicks on the AWS Backup console, you can view the status of recent backup jobs. You can also restore jobs across AWS services to ensure that your AWS resources are properly protected.

AWS Backup integrates with Amazon CloudWatch and Amazon EventBridge. CloudWatch allows you to track metrics and create alarms. EventBridge allows you to view and monitor AWS Backup events. For more information, see Monitoring AWS Backup events using EventBridge and Monitoring AWS Backup metrics with CloudWatch.

AWS Backup integrates with AWS CloudTrail. CloudTrail gives you a consolidated view of backup activity logs that make it quick and easy to audit how your resources are backed up. AWS Backup also integrates with Amazon Simple Notification Service (Amazon SNS), providing you with backup activity notifications, such as when a backup succeeds or a restore has been initiated. For more information, see Logging AWS Backup API calls with CloudTrail and Using Amazon SNS to track AWS Backup events.

Backup access policies

AWS Backup offers resource-based access policies for your backup vaults to define who has access to your backups. You can define access policies for a backup vault that define who has access to the backups within that vault and what actions they can take. This provides a simple and secure way to control access to your backups across AWS services, helping you meet your compliance requirements. To review AWS and customer managed policies for AWS Backup, see https://docs.aws.amazon.com/aws-backup/latest/devguide/security-iam-awsmanpol.html.

Getting started

To learn more about AWS Backup, we recommend that you start with Getting started with AWS Backup.