Working with gateways - AWS Backup

Working with gateways

To back up and restore your virtual machines (VMs) using AWS Backup, you must first install a Backup gateway. A gateway is software in the form of an OVF (Open Virtualization Format) template that connects Amazon Web Services Backup to your hypervisor, allowing it to automatically detect your virtual machines, and enables you to back up and restore them.

A single gateway can run up to 4 backup or restore jobs at once. To run more than 4 jobs at once, create more gateways and associate them with your hypervisor.

Creating a gateway

To create a gateway:
  1. Open the AWS Backup console at

  2. In the left navigation pane, under the External resources section, choose Gateways.

  3. Choose Create gateway.

  4. In the Set up gateway section, follow these instructions to download and deploy the OVF template.

Connecting the hypervisor

Gateways connect AWS Backup to your hypervisor so you can create and store backups of your virtual machines. To set up your gateway on VMware ESXi, download the OVF template. The download may take about 10 minutes.

After it is complete, proceed with the following steps:

  1. Connect to your virtual machine hypervisor using VMware vSphere.

  2. Right-click a parent object of a virtual machine and select Deploy OVF Template.

    The Deploy OVF Template menu item.
  3. Choose Local file, and upload the aws-appliance-latest.ova file you downloaded.

    The Local file option on the Select an OVF template panel.
  4. Follow the deployment wizard steps to deploy it. On the Select storage page, select virtual disk format Thick Provision Lazy Zeroed.

    The Thick Provision Lazy Zeroed option on the Select storage panel.
  5. After deploying the OVF, right-click the gateway and choose Edit Settings.

    The Edit Settings menu item.

    1. Under VM Options, go to VM Tools.

    2. Ensure that for Synchronize Time with Host, Synchronize at start up and resume is selected.

      The Synchronize at startup and resume VM option.
  6. Turn on the virtual machine by selecting “Power On” from the Actions menu.

    The Power On menu item.
  7. Copy the IP address from the VM summary and enter it below.

    The IP Addresses field on the Summary page.

Once the VMWare software is downloaded, complete the following steps:

  1. In the Gateway connection section, type in the IP address of the gateway.

    1. To find this IP address, go to the vSphere Client.

    2. Select your gateway under the Summary tab.

    3. Copy the IP address and paste it in the AWS Backup console text bar.

  2. In the Gateway settings section,

    1. Type in a Gateway name.

    2. Verify the AWS Region.

    3. Choose whether the endpoint is publicly accessible or hosted with your virtual private cloud (VPC).

    4. Depending on the endpoint chosen, enter the VPC endpoint DNS Name.

      For more information, see Creating a VPC endpoint.

  3. [Optional] In the Gateway tags section, you can assign tags by inputting the key and optional value. To add more than one tag, click Add another tag.

  4. To complete the process, click Create gateway, which takes you to the gateway detail page.

Editing or deleting a gateway

To edit or delete a gateway:
  1. In the left navigation pane, under the External resources section, choose Gateways.

  2. In the Gateways section, choose a gateway by its Gateway name.

  3. To edit the gateway name, choose Edit.

  4. To delete the gateway, choose Delete, then choose Delete gateway.

    You cannot reactivate a deleted gateway. If you want to connect to the hypervisor again, follow the procedure in Creating a gateway .

  5. To connect to a hypervisor, in the Connected hypervisor section, choose Connect.

    Each gateway connects to a single hypervisor. However, you can connect multiple gateways to the same hypervisor to increase the bandwidth between them beyond that of the first gateway.

  6. To assign, edit, or manage tags, in the Tags section, choose Manage tags.

Backup gateway Bandwidth Throttling


This feature will be available on new gateways deployed after December 15, 2022. For existing gateways, this new capability will be available through an automatic software update on or before January 30, 2023. To update the gateway to the latest version manually, use AWS CLI command UpdateGatewaySoftwareNow.

You can limit the upload throughput from your gateway to AWS Backup to control the amount of network bandwidth the gateway uses. By default, an activated gateway has no rate limits.

You can configure a bandwidth rate-limit schedule using the AWS Backup Console or using API through the AWS CLI (PutBandwidthRateLimitSchedule). When you use a bandwidth rate limit schedule, you can configure limits to change automatically throughout the day or week.

Bandwidth rate limiting works by balancing the throughput of all data being uploaded, averaged over each second. While it is possible for uploads to cross the bandwidth rate limit briefly for any given micro- or millisecond, this does not typically result in large spikes over longer periods of time.

You can add up to a maximum of 20 intervals. The maximum value for the upload rate is 8,000,000 Mbps.

View and edit the bandwidth rate-limit schedule for your gateway using the AWS Backup console.

This section describes how to view and edit the bandwidth rate limit schedule for your gateway.

To view and edit the bandwidth rate limit schedule
  1. Open the AWS Backup console at

  2. In the left navigation pane, choose Gateways. In the Gateways pane, gateways are displayed by name. Click the radio button adjacent to the gateway name you want to manage.

  3. Once you select a radio button, the drop-down menu Action is available to click. Click Actions, then click Edit bandwidth rate limit schedule. The current schedule is displayed. By default, a new or unedited gateway has no defined bandwidth rate limits.


    You can also click Manage schedule in the gateway details page to navigate to the Edit bandwidth page.

  4. (Optional) Choose Add interval to add a new configurable interval to the schedule. For each interval, input the following information:

    1. Days of week — Select the recurring day or days on which you want the interval to apply. When chosen, the days will display below the drop-down menu. You can remove them by clicking the X next to the day.

    2. Start time — Enter the start time for the bandwidth interval, using the HH:MM 24-hour format. Time is rendered in Universal Coordinated Time (UTC).

      Note: Your bandwidth-rate-limit interval begins at the start of the specified minute.

    3. End time — Enter the end time for the bandwidth interval, using the HH:MM 24-hour format. Time is rendered in Universal Coordinated Time (UTC).


      The bandwidth-rate-limit interval ends at the end of the minute specified. To schedule an interval that ends at the end of an hour, enter 59. To schedule consecutive continuous intervals, transitioning at the start of the hour, with no interruption between the intervals, enter 59 for the end minute of the first interval. Enter 00 for the start minute of the succeeding interval.

    4. Upload rate — Enter the upload rate limit, in megabits per second (Mbps). The minimum value is 102 megabytes per second (Mbps).

  5. (Optional) Repeat the previous step as desired until your bandwidth rate-limit schedule is complete. If you need to delete an interval from your schedule, choose Remove.


    Bandwidth rate-limit intervals cannot overlap. The start time of an interval must occur after the end time of a preceding interval and before the start time of a following interval; its end time must occur before the start time of the following interval.

  6. When you are finished, click the Save changes button.

View and edit the bandwidth rate-limit schedule for your gateway using AWS CLI.

The GetBandwidthRateLimitSchedule action can be used to view the bandwidth throttle schedule for a specified gateway. If there is no schedule set, the schedule will be an empty list of intervals. Here is an example using the AWS CLI to fetch the bandwidth schedule of a gateway:

aws backup-gateway get-bandwidth-rate-limit-schedule --gateway-arn "arn:aws:backup-gateway:region:account-id:gateway/bgw-gw id"

To edit a gateway’s bandwidth throttle schedule, you can use the PutBandwidthRateLimitSchedule action. Note that you can only update a gateway’s schedule as a whole, rather than modifying, adding, or removing individual intervals. Calling this action will overwrite the gateway’s previous bandwidth throttle schedule.

aws backup-gateway put-bandwidth-rate-limit-schedule --gateway-arn "arn:aws:backup-gateway:region:account-id:gateway/gw-id" --bandwidth-rate-limit-intervals ...