Creating backup copies across Amazon Web Services Regions
Using Amazon Backup, you can copy backups to multiple Amazon Web Services Regions on demand or automatically
as part of a scheduled backup plan. Cross-Region replication is particularly valuable if you
have business continuity or compliance requirements to store backups a minimum distance away
from your production data. For a video tutorial, see Managing cross-Region copies of
backups
When you copy a backup to a new Amazon Web Services Region for the first time, Amazon Backup copies the backup in full. In general, if a service supports incremental backups, subsequent copies of that backup in the same Amazon Web Services Region will be incremental. Amazon Backup will re-encrypt your copy using the customer managed key of your destination vault.
An exception is Amazon EBS, which states that, changing the encryption status of a snapshot during a copy operation results in a full (not incremental) copy.
Requirements
-
Most Amazon Backup-supported resources support cross-Region backup. For specifics, see Feature availability by resource.
-
Most Amazon Regions support cross-Region backup. For specifics, see Feature availability by Amazon Web Services Region.
-
Amazon Backup does not support cross-Region copies for storage in cold tiers.
Cross-Region copy considerations with specific resources
Amazon RDS
You can't copy an option group to another Amazon Web Services Region. If this attempted, you can get an error, such as "The snapshot requires a target option group with the following options: ...."
You must input the same option groups in the target Amazon Web Services Region when you create a new cross-Region copy of an Amazon RDS snapshot.
Performing on-demand cross-Region backup
To copy an existing backup on-demand
Open the Amazon Backup console at https://console.amazonaws.cn/backup
. -
Choose Backup vaults.
-
Choose the vault that contains the recovery point you want to copy.
-
In the Backups section, select a recovery point to copy.
-
Using the Actions dropdown button, choose Copy.
-
Enter the following values:
- Copy to destination
-
Choose the destination Amazon Web Services Region for the copy. You can add a new copy rule per copy to a new destination.
- Destination Backup vault
-
Choose the destination backup vault for the copy.
- Transition to cold storage
-
Choose when to transition the backup copy to cold storage. Backups transitioned to cold storage must be stored there for a minimum of 90 days. This value cannot be changed after a copy has transitioned to cold storage.
To see the list of resources that you can transition to cold storage, see the "Lifecycle to cold storage" section of the Feature availability by resource table. The cold storage expression is ignored for other resources.
- Retention period
-
Choose specifies the number of days after creation that the copy is deleted. This value must be greater than 90 days beyond the Transition to cold storage value. The Always retention period retains your copy indefinitely.
- IAM role
-
Choose the IAM role that Amazon Backup will use when creating the copy. The role must also have Amazon Backup listed as a trusted entity, which enables Amazon Backup to assume the role. If you choose Default and the Amazon Backup default role is not present in your account, one will be created for you with the correct permissions.
-
Choose Copy.
Scheduling cross-Region backup
You can use a scheduled backup plan to copy backups across Amazon Web Services Regions.
To copy a backup using a scheduled backup plan
Open the Amazon Backup console at https://console.amazonaws.cn/backup
. -
In My account, choose Backup plans, and then choose Create Backup plan.
-
On the Create Backup plan page, choose Build a new plan.
-
For Backup plan name, enter a name for your backup plan.
-
In the Backup rule configuration section, add a backup rule that defines a backup schedule, backup window, and lifecycle rules. You can add more backup rules later.
-
For Backup rule name, enter a name for your rule.
-
For Backup vault, choose a vault from the list. Recovery points for this backup will be saved in this vault. You can create a new backup vault.
-
For Backup frequency, choose how often you want to take backups.
-
For services that support PITR, if you want this feature, choose Enable continuous backups for point-in-time recovery (PITR). For a list a services that support PITR, see that section of the Feature availability by resource table.
-
For Backup window, choose Use backup window defaults - recommended. You can customize the backup window.
-
For Copy to destination, Choose the destination Amazon Web Services Region for your backup copy. Your backup will be copied to this Region. You can add a new copy rule per copy to a new destination. Then enter the following values:
- Copy to another account's vault
-
Do not toggle this option. To learn more about cross-account copy, see Creating backup copies across Amazon Web Services accounts
- Destination Backup vault
-
Choose the backup vault in the destination Region where Amazon Backup will copy your backup.
If you would like to create a new backup vault for cross-Region copy, choose Create new Backup vault. Enter the information in the wizard. Then choose Create Backup vault.
-
-
Choose Create plan.