Continuous backups and point-in-time restore (PITR) - Amazon Backup
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Continuous backups and point-in-time restore (PITR)

For some resources, Amazon Backup supports continuous backups and point-in-time recovery (PITR) in addition to snapshot backups.

With continuous backups, you can restore your Amazon Backup-supported resource by rewinding it back to a specific time that you choose, within 1 second of precision (going back a maximum of 35 days). Continuous backup works by first creating a full backup of your resource, and then constantly backing up your resource’s transaction logs. PITR restore works by accessing your full backup and replaying the transaction log to the time that you tell Amazon Backup to recover.

Alternatively, snapshot backups can be taken as frequently as every hour. Snapshot backups can be stored for up to a maximum of 100 years. Snapshots can by copied for full or incremental backups.

Because continuous and snapshot backups offer different advantages, we recommend that you protect your resources with both continuous and snapshot backup rules.

An on-demand backup begins to back up your resource immediately. You can choose an on-demand backup if you wish to create a backup at a time other than the scheduled time defined in a backup plan. An on-demand backup can be used, for example, to test backup and functionality at any time.

You can't use on-demand backups with point-in-time restore (PITR), because an on-demand backup preserves resources in the state they are in when the backup is taken, while PITR uses continuous backups, which record changes over a period of time.

You can opt in to continuous backups for supported resources when you create a backup plan in Amazon Backup using the Amazon Backup console or the API. The continuous backup plan creates one continuous recovery point and updates that recovery point whenever the job runs.

Supported services for continuous backup / point in time restore (PITR)

Amazon Backup supports continuous backups and point-in-time recovery for the following services and applications:

Amazon S3

To turn on PITR for S3 backups, continuous backups need to part of the backup plan.

While this original backup of the source bucket can have PITR active, cross-Region or cross-account destination copies will not have PITR, and restoring from these copies will restore to the time they were created (the copies will be snapshot copies) instead of restoring to a specified point in time.

RDS

Backup schedules: When an Amazon Backup plan creates both Amazon RDS snapshots and continuous backups, Amazon Backup will intelligently schedule your backup windows to coordinate with the Amazon RDS maintenance window to prevent conflicts. To further prevent conflicts, manual configuration of the Amazon RDS automated backup window is unavailable. RDS takes snapshots once per day regardless if a backup plan has a frequency for snapshot backups other than once per day.

Settings: After you apply an Amazon Backup continuous backup rule to an Amazon RDS instance, you can't create or modify continuous backup settings to that instance in Amazon RDS; modifications must be done through the Amazon Backup console or the Amazon Backup CLI.

Transition control of continuous backup for an Amazon RDS instance back to Amazon RDS:

Console
  1. Open the Amazon Backup console at https://console.amazonaws.cn/backup.

  2. In the navigation pane, choose Backup plans.

  3. Delete all the Amazon RDS backup plans with continuous backup protecting that resource.

  4. Choose Backup vaults. Delete the continuous backup recovery point from your backup vault. Or, wait for their retention period to elapse, causing Amazon Backup to automatically delete the recovery point.

After you complete these steps, Amazon Backup will transition continuous backup control of your resource back to Amazon RDS.

Amazon CLI

Call the DisassociateRecoveryPoint API operation.

To learn more, see DisassociateRecoveryPoint.

IAM permissions required for Amazon RDS continuous backups
  • To use Amazon Backup to configure continuous backups for your Amazon RDS database, verify that the API permission rds:ModifyDBInstance exists in the IAM role defined by your backup plan configuration. To restore Amazon RDS continuous backups, you must add the permission rds:RestoreDBInstanceToPointInTime to the IAM role that you submitted for the restore job. You can use the Amazon Backup default service role to perform backups and restores.

  • To describe the range of times available for point-in-time recovery, Amazon Backup calls rds:DescribeDBInstanceAutomatedBackups. In the Amazon Backup console, you must have the rds:DescribeDBInstanceAutomatedBackups API permission in your Amazon Identity and Access Management (IAM) managed policy. You can use the AWSBackupFullAccess or AWSBackupOperatorAccess managed policies. Both policies have all required permissions. For more information, see Managed Policies.

Retention periods: When you change your PITR retention period, Amazon Backup calls ModifyDBInstance and applies that change immediately. If you have other configuration updates pending the next maintenance window, changing your PITR retention period will also apply those configuration updates immediately. For more information, see ModifyDBInstance in the Amazon Relational Database Service API Reference.

Copies of Amazon RDS continuous backups:

  • Incremental snapshot copy jobs process faster than full snapshot copy jobs. Keeping a previous snapshot copy until the new copy job is complete may reduce the copy job duration. If you choose to copy snapshots from RDS database instances, it is important to note that deleting previous copies first will cause full snapshot copies to be made (instead of incremental). For more information on optimizing copying, see Incremental snapshot copying in the Amazon RDS User Guide

  • Creating copies of Amazon RDS continuous backups — You can't create copies of Amazon RDS continuous backups because Amazon Backup for Amazon RDS does not allow copying transaction logs. Instead, Amazon Backup creates a snapshot and copies it with the frequency specified in the backup plan.

Restores: You can perform a point-in-time restore using either Amazon Backup or Amazon RDS. For Amazon Backup console instructions, see Restoring an Amazon RDS Database. For Amazon RDS instructions, see Restoring a DB Instance to a specified time in the Amazon RDS User Guide.

Tip

A multi AZ (availability zone) database instance set to Always On should not have a backup retention set to zero. If errors occur, use Amazon CLI command disassociate-recovery-point instead of delete-recovery-point, then change the retention setting to 1 in your Amazon RDS settings.

For general information about working with Amazon RDS, see the Amazon RDS User Guide.

Aurora

To enable continuous backup of your Aurora resources, see the steps in the first section of this page.

The procedure to restore an Aurora cluster to a point in time is a variation of the steps to restore a snapshot of an aurora cluster.

When you conduct a point in time restore, the console displays a restore time section. See Restoring a continuous backup further down on this page in Working with Continuous backups.

SAP HANA on Amazon EC2 instances

You can make continuous backups , which can be used with point-in-time restore (PITR) (note that on-demand backups preserve resources in the state in which they are taken; whereas PITR uses continuous backups which record changes over a period of time).

With continuous backups, you can restore your SAP HANA database on an EC2 instance by rewinding it back to a specific time that you choose, within 1 second of precision (going back a maximum of 35 days). Continuous backup works by first creating a full backup of your resource, and then constantly backing up your resource’s transaction logs. PITR restore works by accessing your full backup and replaying the transaction log to the time that you tell Amazon Backup to recover.

You can opt in to continuous backups when you create a backup plan in Amazon Backup using the Amazon Backup console or the API.

To enable continuous backups using the console
  1. Sign in to the Amazon Web Services Management Console, and open the Amazon Backup console at https://console.amazonaws.cn/backup.

  2. In the navigation pane, choose Backup plans, and then choose Create Backup plan.

  3. Under Backup rules, choose Add Backup rule.

  4. In the Backup rule configuration section, select Enable continuous backups for supported resources.

After you disable PITR (point-in-time restore) for SAP HANA database backups, logs will continue to be sent to Amazon Backup until the recovery point expires (status equals EXPIRED). You can change to an alternative log backup location in SAP HANA to stop the transmission of logs to Amazon Backup.

A continuous recovery point with a status of STOPPED indicates that a continuous recovery point has been interrupted; that is, the logs transmitted from SAP HANA to Amazon Backup that show the incremental changes to a database have a gap. The recovery points that occur within this timeframe gap have a status of STOPPED..

For issues you may encounter during restore jobs of continuous backups (recovery points), see the SAP HANA Restore troubleshooting section of this guide.

Finding a continuous backup

You can use the Amazon Backup console to find your continuous backup.

To find a continuous backup using the Amazon Backup console
  1. Open the Amazon Backup console at https://console.amazonaws.cn/backup.

  2. In the navigation pane, choose Backup vaults, and then choose your backup vault in the list.

  3. In the Backups section, in the Backup type column, sort for Continuous recovery points. You can also sort by Recovery point ID for the prefix continuous.

Restoring a continuous backup

To restore a continuous backup using the Amazon Backup console
  • During the PITR restore process, the Amazon Backup console displays a Restore time section. In this section, do one of the following:

    • Choose to restore to the Latest restorable time.

    • Choose Specify date and time to enter your own date and time within your retention period.

To restore a continuous backup using the Amazon Backup API
  1. For Amazon S3 see Use the Amazon Backup API, CLI, or SDK to restore S3 recovery points.

  2. For Amazon RDS see Use the Amazon Backup API, CLI, or SDK to restore Amazon RDS recovery points.

Stopping or deleting continuous backups

You can stop the creation of continuous backups or you can delete specific backups (point-in-time-recovery or PITR points).

If you want to stop continuous backups, you must delete the continuous backup rule from your backup plan. If you wish to stop continuous backups for one or more resources but not for all resources, create a new backup plan with the continuous backup rule for those resources you still want to be continuously backed up. If instead you only delete a continuous backup recovery point from your backup vault, your backup plan will still continue to execute the continuous backup rule, creating a new recovery point.

However, even after you delete your continuous backup rule, Amazon Backup remembers the retention period from your now-deleted backup rule. It will automatically delete your continuous backup recovery point from your backup vault based on your specified retention period.

When deleting Amazon RDS recovery points, consider:

  • A multi AZ (availability zone) database instance set to Always On should not have a backup retention set to zero. If errors occur, use Amazon CLI command disassociate-recovery-point instead of delete-recovery-point, then change the retention setting to 1 in your Amazon RDS settings.

  • When a point-in-time recovery point (a backup created by continuous backup) for Amazon RDS is deleted, a database reboot is triggered and the binary logs are disabled. For further detail see Backup retention period in the Amazon RDS User Guide.

When deleting Aurora recovery points, consider:

If this is selected for an Amazon Aurora recovery point, Amazon Backup sets the retention period to 1 day. Aurora backups cannot be completely deleted until the source cluster has also been deleted.

Copying continuous backups

If a continuous backup rule also specifies a cross-account or cross-Region copy, Amazon Backup takes a snapshot of the continuous backup and copies that snapshot to the destination vault. To learn more about copying your recovery points across accounts and Regions, see Copying a backup .

Continuous backups create a periodic backups in accordance with the frequency set in the backup plan rule in the destination account and/or Region.

Amazon Backup does not support on-demand copies of continuous backups.

Changing your retention period

You can use Amazon Backup to increase or decrease the retention period for your existing continuous backup rule. The minimum retention period is 1 day. The maximum retention period is 35 days.

If you increase your retention period, the effect is immediate. If you decrease your retention period, Amazon Backup will wait until enough time passes before applying the change to protect against data loss. For example, if you decrease your retention period from 35 days to 20, Amazon Backup will continue to preserve 35 days of continuous backup until 15 days have passed. This design protects your last 15 days of backups at the time you made the change.

Removing the only continuous backup rule from a backup plan

When you create a backup plan with a continuous backup rule and then you remove that rule, Amazon Backup remembers the retention period from your now-deleted rule. It will delete the continuous backup from your backup vault when the retention period elapses.

Overlapping continuous backups on the same resource

In general, you should protect each resource with no more than one continuous backup rule. This is because additional continuous backups are redundant. However, as you scale up your backup estate, it is possible for multiple backup plans, rules, and vaults to overlap on a single resource. Amazon Backup handles these overlaps as follows.

If you include the same resource in more than one backup plan with a continuous backup rule, Amazon Backup will only create a continuous backup for the first backup plan it evaluates. It will create snapshot backups for all of the other backup plans.

If you include multiple continuous backup rules in a single backup plan:

  • If your rules point to the same backup vault, Amazon Backup only creates a continuous backup for the rule with the longest retention period. It disregards all other rules.

  • If your rules point to different backup vaults, Amazon Backup rejects the plan as not valid.

Point-in-time recovery considerations

Be aware of the following considerations for point-in-time recovery:

  • Automatic fallback to snapshots — If Amazon Backup is unable to perform a continuous backup, it tries to perform a snapshot backup instead.

  • No support for on-demand continuous backups — Amazon Backup doesn't support on-demand continuous backup because on-demand backup records a point in time, whereas continuous backup records changes over a period of time.

  • No support for transition to cold storage — Continuous backups don't support transition to cold storage because transition to cold requires a minimum transition period of 90 days, whereas continuous backups have a maximum retention period of 35 days.

  • Restoring recent activity — Amazon RDS activity allows restores up until the most recent 5 minutes of activity; Amazon S3 allows restores up until the most recent 15 minutes of activity.