Adding AWS Backup to your AMS Accelerate accounts - AMS Accelerate Operations Plan

Adding AWS Backup to your AMS Accelerate accounts

If you do not use AWS Backup in your AWS accounts, you can use the AMS Accelerate configuration of AWS Backup.

AMS Accelerate backup configuration

AMS Accelerate, during onboarding, deploys AMS Accelerate-managed backup vaults and backup plans to your account, collectively referred to as the AMS Accelerate backup configuration. Use the AMS Accelerate backup configuration if you do not have an existing AWS Backup configuration and want to ensure that you're following AWS Backup best practices.

Important

The AMS Accelerate backup configuration is overwritten when updated by AMS Accelerate, so changes made to it are removed. If you need customizations, create a new plan and modify it.

AMS Accelerate-managed AWS Backup plans

The AMS Accelerate backup plan provides a quick start way for you to protect your AWS resources with a daily, weekly, monthly and yearly schedule, follow AWS Backup best practices, and benefit from the additional backup job monitoring AMS Accelerate offers. You can use the default AMS Accelerate backup plan, or create your own backup vaults and plans.

Default backup plans, AMS Accelerate multi-account landing zone

During the account onboarding, AMS ensures that there is an overarching default backup plan at the account level to safeguard your workloads. The values for the following mandatory fields are set up by default.

  • ams-default-backup-plan: This plan is a blueprint for AWS Backup best practices. It implements a daily, weekly, monthly, and yearly backup strategy.

    Resource tag key: ams:rt:backup-orchestrator

    Resource tag value: true

    RuleForDailyBackups schedule expression: cron(0 0 4 ? * * ) (a daily backup for 04:00 UTC time)

    RuleForDailyBackups delete after days: 7 days

    RuleForWeeklyBackups schedule expression: cron(0 0 2 ? * 7) (a weekly backup for 02:00 UTC time only on Saturday)

    RuleForWeeklyBackups delete after weeks: 4 weeks

    RuleForMonthlyBackups schedule expression: cron(0 2 1 * ? *) (a monthly backup for 02:00 UTC time on day 1 of the month)

    RuleForMonthlyBackups delete after weeks: 26 weeks

    RuleForYearlyBackups schedule expression: cron(0 2 1 1 ? *) (a yearly backup for 02:00 UTC time on day 1 of the month, only in January)

    RuleForYearlyBackups delete after years: 2 years

  • ams-onboarding-backup-plan: This plan is used only during account onboarding by AMS Accelerate to protect all supported resources and automatically create frequent, short retention recovery points inside the ams-onboarding-backups plan:

    Resource tag key: ams:rt:backup-orchestrator-onboarding

    Resource tag value: true

    RuleForHourlyBackups schedule expression: cron(0 * * * *) (an hourly backup)

    RuleForHourlyBackups delete after weeks: 2 weeks

AMS Accelerate-managed AWS Backup vaults

AMS Accelerate uses the following backup vaults:

  • ams-automated-backups: This vault receives all recovery points taken by the AMS Accelerate default AWS Backup plan ams-default-backup-plan.

  • ams-manual-backups: This vault is purpose-built for all backups taken using Start Backup Job automation (AWSManagedServices-StartBackupJob SSM Automation document).

  • ams-onboarding-backups: This vault receives recovery points taken during account onboarding using the temporary account onboarding backup plan ams-onboarding-backup-plan.

  • ams-patch-backups: This vault stores snapshots taken by the default AWS Backup stack Patch Manager stack.

  • ams-custom-backups: This vault is purpose-built for all backup plans created outside the default AWS Backup stack.