How Amazon Backup works with supported Amazon services
Some Amazon Backup-supported Amazon services offer their own, stand-alone backup features. Those features are available to you independent of whether you use Amazon Backup. However, the backups other Amazon services create are not available for central governance through Amazon Backup.
To configure Amazon Backup to centrally manage data protection for all your supported services, you must opt in to managing that service with Amazon Backup, create an on-demand backup or schedule backups using a backup plan, and store your backups in backup vaults.
Topics
- Opt in to managing services with Amazon Backup
- Working with Amazon S3 data
- Working with VMware virtual machines
- Working with Amazon DynamoDB
- Working with Amazon FSx file systems
- Working with Amazon EC2
- Working with Amazon EFS
- Working with Amazon EBS
- Working with Amazon RDS and Aurora
- Working with Amazon Storage Gateway
- Working with Amazon DocumentDB
- Working with Amazon Neptune
- Working with Amazon Timestream
- Working with Amazon Organizations
- Working with Amazon CloudFormation
- Working with Amazon BackInt, Amazon Systems Manager for SAP, and SAP HANA
- How Amazon services back up their own resources
Opt in to managing services with Amazon Backup
When new Amazon services become available, you must enable Amazon Backup to use those services. If you try to create an on-demand backup or backup plan using resources from a service that is not enabled, you receive an error message and cannot complete the process.
The Amazon Backup console has two ways to include resource types in a backup plan: explicitly assign the resource type in a backup plan or include all resources. See the points below to understand how these selections work with service opt ins.
-
If resource assignments are only based on tags, then service opt-in settings are applied.
-
If a resource type is explicitly assigned to a backup plan, it will be included in the backup even if the opt-in is not enabled for that particular service. This does not apply to Aurora, Neptune, and Amazon DocumentDB. For these services to be included, the opt-in must be enabled.
-
If both resource type and tags are specified in a resource assignment, the specified resource types are filtered first, then tags further filter those resources.
Service opt-in settings are ignored for most resource types. However Aurora, Neptune, and Amazon DocumentDB require service opt-in.
-
For Amazon FSx for NetApp ONTAP, when using tag-based resource selection, apply tags to individual volumes instead of the whole file system.
Service opt-in settings are specific to a Region. When an account uses Amazon Backup (creates a backup vault or backup plan) in a Region, the account automatically is opted into all resource types supported by Amazon Backup in the Region at that time. Supported services added to that Region at a later date will not be automatically included in a backup plan. You can choose to opt into those resource types once they become supported.
To configure the services used with Amazon Backup
Open the Amazon Backup console at https://console.amazonaws.cn/backup
. -
In the navigation pane, choose Settings.
-
On the Service opt-in page, choose Configure resources.
-
Use the toggle switches to enable or disable the services used with Amazon Backup.
Important
RDS, Aurora, Neptune, and DocumentDB share the same Amazon Resource Name (ARN). Opting in to manage one of these resource types with Amazon Backup opts in to all of them when assigning it to a backup plan. Regardless, we recommend you opt in all of them to accurately represent your opt-in status.
-
Choose Confirm.
Working with Amazon S3 data
Amazon Backup offers fully-managed backup and restore for Amazon S3 backups. To learn more, see Amazon S3 backups.
-
How to back up resources: Getting started with Amazon Backup
-
How to restore Amazon S3 data using Amazon Backup: Restore S3 data using Amazon Backup
For detailed information about S3 data, see the Amazon S3 documentation.
Working with VMware virtual machines
Amazon Backup supports centralized and automated data protection for on-premises VMware virtual machines (VMs) along with VMs in the VMware Cloud™ (VMC) on Amazon. You can back up from your on premises and VMC virtual machines to Amazon Backup. Then, you can restore from Amazon Backup to either on premises or VMC.
Backup gateway is downloadable Amazon Backup software that you deploy to your VMware VMs to connect them to Amazon Backup. The gateway connects to your VM management server to discover your VMs, encrypt data, and efficiently transfer data to Amazon Backup. The following diagram illustrates how Backup gateway connects to your VMs:
-
How to back up resources: Virtual machine backups
-
How to restore VM resources: Restore a virtual machine using Amazon Backup
Working with Amazon DynamoDB
Amazon Backup supports backing up and restoring Amazon DynamoDB tables. DynamoDB is a fully-managed NoSQL database service that provides fast and predictable performance with seamless scalability.
Since its launch, Amazon Backup has always supported DynamoDB. Starting November 2021, Amazon Backup also introduced advanced features for DynamoDB backups. Those advanced features include copying your backups across Amazon Web Services Regions and accounts, tiering backups to cold storage, and using tags for permissions and cost management.
New Amazon Backup customers onboarding after November 2021 will have advanced DynamoDB backup features enabled by default.
We recommend all existing Amazon Backup customers enable advanced features for DynamoDB. There is no difference in warm backup storage pricing after you enable advanced features, and you can save money by tiering backups to cold storage and optimize your costs by using cost allocation tags.
For a full list of advanced features and how to enable them, see Advanced DynamoDB backup.
-
How to back up resources: Getting started with Amazon Backup
-
How to restore DynamoDB resources: Restore a Amazon DynamoDB table
For detailed information about DynamoDB, see What is Amazon DynamoDB? in the Amazon DynamoDB Developer Guide.
Working with Amazon FSx file systems
Amazon Backup supports backing up and restoring Amazon FSx file systems. Amazon FSx provides fully managed third-party file systems with the native compatibility and feature sets for workloads. Amazon Backup uses the built-in backup functionality of Amazon FSx. So backups taken from the Amazon Backup console have the same level of file system consistency and performance, and the same restore options as backups that are taken through the Amazon FSx console.
If you use Amazon Backup to manage these backups, you gain additional functionality, such as unlimited retention options, and the ability to create scheduled backups as frequently as every hour. In addition, Amazon Backup retains your backups even after the source file system is deleted. This protects against accidental or malicious deletion.
Use Amazon Backup to protect Amazon FSx file systems if you want to configure backup policies and monitor backup tasks from a central backup console that also extends support for other Amazon services.
-
How to back up resources: Getting started with Amazon Backup
-
How to restore Amazon FSx resources: Restore an FSX file system
For detailed information about Amazon FSx file systems, see the Amazon FSx documentation.
Working with Amazon EC2
Amazon Backup supports Amazon EC2 instances.
-
How to back up resources: Getting started with Amazon Backup
-
How to restore Amazon EC2 resources: Restore an Amazon EC2 instance
You can schedule or perform on-demand backup jobs that include entire EC2 instances, including its Amazon EBS volumes. Therefore, you can restore an entire Amazon EC2 instance from a single recovery point, including the root volume, data volumes, and some instance configuration settings, such as the instance type and key pair.
You can also back up and restore your VSS-enabled Microsoft Windows applications. You can schedule application-consistent backups, define lifecycle policies, and perform consistent restores as part of an on-demand backup or a scheduled backup plan. For more information, see Create Windows VSS backups.
Amazon Backup does not reboot your EC2 instances at any time.
Images and snapshots
When backing up an Amazon EC2 instance, Amazon Backup takes a snapshot of the root Amazon EBS storage volume, the launch configurations, and all associated EBS volumes. Amazon Backup stores certain configuration parameters of the EC2 instance, including instance type, security groups, Amazon VPC, monitoring configuration, and tags. The backup data is stored as an Amazon EBS volume-backed Amazon Machine Image (AMI).
If you delete an Amazon Machine Image (AMI) or Amazon EBS snapshot that is managed by Amazon Backup using Amazon Backup and you have the Amazon EC2 recycle bin configured, the image or snapshot might incur charges per the Amazon EC2 recycle bin policy. Snapshots and images in the Amazon EC2 recycle bin are no longer managed by Amazon Backup and will not be managed by Amazon Backup policies if you restore them from the recycle bin.
Amazon Backup managed Amazon EBS snapshots and snapshots associated with a Amazon Backup managed Amazon EC2 AMI
which have Amazon EBS Snapshot Lock applied may not be deleted as part of the recovery point
lifecycle if the snapshot lock duration exceeds the backup lifecycle. Instead, these
recovery points will have the status of EXPIRED
. These recovery points can be
deleted
manually if you choose to first remove the Amazon EBS snapshot lock.
Amazon Backup can encrypt EBS snapshots associated with an Amazon EC2 backup. This is similar to how it encrypts EBS snapshots. Amazon Backup uses the same encryption applied on the underlying EBS volumes when creating a snapshot of the Amazon EC2 AMI, and the configuration parameters of the original instance are persisted in the restore metadata.
A snapshot derives its encryption from the volume, and the same encryption is applied to the corresponding snapshots. EBS snapshots of a copied AMI are always encrypted. If you specify a KMS key during the copy, the specified key is applied. If you don't specify a KMS key, a default KMS key is applied.
For more information, see Amazon EC2 instances in the Amazon EC2 User Guide and Amazon EBS encryption in the Amazon EBS User Guide.
Working with Amazon EFS
Amazon Backup supports Amazon Elastic File System (Amazon EFS).
-
How to back up resources: Getting started with Amazon Backup
-
How to restore Amazon EFS resources: Restore an Amazon EFS file system
For detailed information about Amazon EFS file systems, see What is Amazon Elastic File System? in the Amazon Elastic File System User Guide.
Working with Amazon EBS
Amazon Backup supports Amazon Elastic Block Store (Amazon EBS) volumes.
Amazon Backup managed Amazon EBS snapshots and snapshots associated with a Amazon Backup managed Amazon EC2 AMI
which have Amazon EBS Snapshot Lock applied may not be deleted as part of the recovery point
lifecycle if the snapshot lock duration exceeds the backup lifecycle. Instead, these
recovery points will have the status of EXPIRED
. These recovery points can be
deleted
manually if you choose to first remove the Amazon EBS snapshot lock.
-
How to back up resources: Getting started with Amazon Backup
-
How to restore Amazon EBS volumes: Restore an Amazon EBS volume
You can also learn more using the following tutorial: Amazon EBS Backup and Restore Using Amazon Backup
For more information, see Amazon EBS volumes in the Amazon EBS User Guide.
Working with Amazon RDS and Aurora
Amazon Backup supports Amazon RDS database engines and Aurora clusters.
-
How to back up resources: Getting started with Amazon Backup
-
How to restore Amazon RDS resources: Restore an RDS database
-
How to restore Aurora clusters: Restoring an Amazon Aurora cluster
You can also learn by trying the following how-to guide: Amazon RDS Backup and Restore Using Amazon Backup
For more information about Amazon RDS, see What is Amazon Relational Database Service? in the Amazon RDS User Guide.
For detailed information about Aurora, see What is Amazon Aurora? in the Amazon Aurora User Guide.
If you initiate a backup job from the Amazon RDS console, this can conflict with an Aurora
clusters backup job, causing the error Backup job expired before
completion
. If this occurs, configure a longer backup window in
Amazon Backup.
RDS Custom for SQL Server and RDS Custom for Oracle are not currently supported by Amazon Backup.
Amazon Backup does not support backup and restore of RDS on Outposts.
Amazon does not charge for Aurora snapshots stored inside a backup vault as long as Aurora has automated backups enabled and the retention period for Aurora automated backups is more than the retention period of Aurora snapshots. Any snapshots within the backup vault will be charged if the snapshots’ database is deleted (deletions may occur accidentally or during blue/green deployment).
Large snapshots and frequent backups from a deleted database could result in
significant storage charges. Visit the Amazon Backup calculator
Working with Amazon Storage Gateway
Amazon Backup supports Storage Gateway Volume Gateway. You can also restore Amazon EBS snapshots as Storage Gateway volumes.
-
How to back up resources: Getting started with Amazon Backup
-
How to restore Storage Gateway resources: Restore a Storage Gateway volume.
Working with Amazon DocumentDB
Amazon Backup supports Amazon DocumentDB clusters.
-
How to back up resources: Getting started with Amazon Backup
-
How to restore Amazon DocumentDB resources: Restoring a DocumentDB cluster.
Working with Amazon Neptune
Amazon Backup supports Amazon Neptune clusters.
-
How to back up resources: Getting started with Amazon Backup
-
How to restore Amazon Neptune clusters: Restore a Neptune cluster.
Working with Amazon Timestream
Amazon Backup supports Amazon Timestream tables.
How to backup Timestream tables.
How to restore Timestream tables.
Working with Amazon Organizations
Amazon Backup works with Amazon Organizations to simplify cross-account monitoring and management
Working with Amazon CloudFormation
Amazon Backup support Amazon CloudFormation templates and application stacks
Working with Amazon BackInt, Amazon Systems Manager for SAP, and SAP HANA
Amazon Backup works with Amazon BackInt and with SSM for SAP to support SAP HANA backup and restore functions.
How Amazon services back up their own resources
You might refer to the technical documentation for a specific Amazon service's backup and restore process, particularly when, during a restore, you need to configure a new instance of that Amazon service. The following is a list of documentation: