Create a backup vault - Amazon Backup

Create a backup vault

You must create at least one vault before creating a backup plan or starting a backup job.

When you first use the Amazon Backup console in an Amazon Web Services Region, the console automatically creates a default vault.

However, if you use Amazon Backup through the Amazon CLI, Amazon SDK, or Amazon CloudFormation, a default vault is not created. You must create your own vault.

Creating a backup vault (console)

For step-by-step instructions for creating a backup vault using the Amazon Backup console, see Step 3: Create a backup vault in the Getting Started guide.

Creating a backup vault (programmatically)

The following Amazon Command Line Interface command creates a backup vault:

aws backup create-backup-vault --backup-vault-name test-vault

You can also specify the following configurations for a backup vault.

Backup vault name

Backup vault names are case sensitive. They must contain from 2 to 50 alphanumeric characters, hyphens, or underscores.

Amazon KMS encryption key

The Amazon KMS encryption key protects your backups in this backup vault. By default, Amazon Backup creates a KMS key with the alias aws/backup for you. You can choose that key or any other key in your account. A KMS key from another account can be used through the CLI.

You can create a new encryption key by following the Creating Keys procedure in the Amazon Key Management Service Developer Guide.

After you create a backup vault and set the Amazon KMS encryption key, you can no longer edit the key for that backup vault.

The encryption key that is specified in an Amazon Backup vault applies to the backups of certain resource types. Backups of all other resource types are encrypted using the key that is used to encrypt the source resource. For more information about backup encryption, see Encryption for backups in Amazon Backup in the Security section.

Backup vault tags

These tags are associated with the backup vault to help you organize and track your backup vaults.
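
The following shell functions are an added example, not part of the original documentation. They check the vault name against the rule above, require an explicit KMS key (the key cannot be edited after creation), apply tags, and then confirm which key the vault actually uses. The function names, the tag values, and the key ARN in the usage comment are placeholders.

```sh
# Return 0 if the name meets the documented rule:
# 2 to 50 alphanumeric characters, hyphens, or underscores.
valid_vault_name() {
  case "$1" in
    *[!A-Za-z0-9_-]*) return 1 ;;   # contains a disallowed character
  esac
  [ "${#1}" -ge 2 ] && [ "${#1}" -le 50 ]
}

# create_vault NAME KMS_KEY_ARN [TAGS]
# TAGS uses the CLI shorthand map syntax, for example "Team=platform,Env=prod".
create_vault() {
  cv_name=$1 cv_key=$2 cv_tags=$3

  if ! valid_vault_name "$cv_name"; then
    echo "invalid backup vault name: $cv_name" >&2
    return 2
  fi
  # The key is fixed at creation time, so refuse to continue without one
  # instead of silently falling back to the default aws/backup key.
  if [ -z "$cv_key" ]; then
    echo "no KMS key ARN given" >&2
    return 3
  fi

  set -- --backup-vault-name "$cv_name" --encryption-key-arn "$cv_key"
  if [ -n "$cv_tags" ]; then
    set -- "$@" --backup-vault-tags "$cv_tags"
  fi
  aws backup create-backup-vault "$@" || return 1

  # Read the vault back and confirm it is bound to the intended key.
  cv_actual=$(aws backup describe-backup-vault \
      --backup-vault-name "$cv_name" \
      --query EncryptionKeyArn --output text) || return 1
  if [ "$cv_actual" != "$cv_key" ]; then
    echo "vault $cv_name uses $cv_actual, expected $cv_key" >&2
    return 4
  fi
}

# Usage (placeholder ARN; substitute your own Region, account, and key ID):
#   create_vault test-vault \
#     "arn:aws-cn:kms:REGION:ACCOUNT_ID:key/KEY_ID" "Team=platform,Env=prod"
```

Because vault names are case sensitive, test-vault and Test-Vault pass the name check as two different vaults.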