How Amazon Backup works with supported Amazon services - Amazon Backup
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

How Amazon Backup works with supported Amazon services

Some Amazon Backup-supported Amazon services offer their own, stand-alone backup features. Those features are available to you independent of whether you use Amazon Backup. However, the backups other Amazon services create are not available for central governance through Amazon Backup.

To configure Amazon Backup to centrally manage data protection for all your supported services, you must opt in to managing that service with Amazon Backup, create an on-demand backup or schedule backups using a backup plan, and store your backups in backup vaults.

Opt in to managing services with Amazon Backup

When new Amazon services become available, you must enable Amazon Backup to use those services. If you try to create an on-demand backup or backup plan using resources from a service that is not enabled, you receive an error message and cannot complete the process.

The Amazon Backup console has two ways to include resource types in a backup plan: explicitly assign the resource type in a backup plan or include all resources. See the points below to understand how these selections work with service opt ins.

  • If resource assignments are only based on tags, then service opt-in settings are applied.

  • If a resource type is explicitly assigned to a backup plan, such as Amazon S3, Amazon EC2, or Amazon RDS, it will be included in the backup even if the opt-in is not enabled for that particular service.

  • If both a resource type and tags are specified in a resource assignment, the resource type specified in the backup plan takes priority over the tag condition. Service opt-in settings are disregarded in this situation.

Note

Service opt-in settings are Region-specific. If you change the Amazon Web Services Region that you're using, you must reconfigure the services that you use with Amazon Backup.

To configure the services used with Amazon Backup
  1. Open the Amazon Backup console at https://console.amazonaws.cn/backup.

  2. In the navigation pane, choose Settings.

  3. On the Service opt-in page, choose Configure resources.

  4. Use the toggle switches to enable or disable the services used with Amazon Backup.

    Important

    RDS, Aurora, Neptune, and DocumentDB share the same Amazon Resource Name (ARN). Opting in to manage one of these resource types with Amazon Backup opts in to all of them when assigning it to a backup plan. Regardless, we recommend you opt in all of them to accurately represent your opt-in status.

  5. Choose Confirm.

Working with Amazon S3 data

Amazon Backup offers fully-managed backup and restore for Amazon S3 backups. To learn more, see Amazon S3 backups.

For detailed information about S3 data, see the Amazon S3 documentation.

Working with VMware virtual machines

Amazon Backup supports centralized and automated data protection for on-premises VMware virtual machines (VMs) along with VMs in the VMware Cloud™ (VMC) on Amazon. You can back up from your on premises and VMC virtual machines to Amazon Backup. Then, you can restore from Amazon Backup to either on premises or VMC.

Backup gateway is downloadable Amazon Backup software that you deploy to your VMware VMs to connect them to Amazon Backup. The gateway connects to your VM management server to discover VMs, discovers your VMs, encrypts data, and efficiently transfers data to Amazon Backup. The following diagram illustrates how Backup gateway connects to your VMs:

Working with Amazon DynamoDB

Amazon Backup supports backing up and restoring Amazon DynamoDB tables. DynamoDB is a fully-managed NoSQL database service that provides fast and predictable performance with seamless scalability.

Since its launch, Amazon Backup has always supported DynamoDB. Starting November 2021, Amazon Backup also introduced advanced features for DynamoDB backups. Those advanced features include copying your backups across Amazon Web Services Regions and accounts, tiering backups to cold storage, and using tags for permissions and cost management.

New Amazon Backup customers onboarding after November 2021 will have advanced DynamoDB backup features enabled by default.

We recommend all existing Amazon Backup customers enable advanced features for DynamoDB. There is no difference in warm backup storage pricing after you enable advanced features, and you can save money by tiering backups to cold storage and optimize your costs by using cost allocation tags.

For a full list of advanced features and how to enable them, see Advanced DynamoDB backup.

For detailed information about DynamoDB, see What is Amazon DynamoDB? in the Amazon DynamoDB Developer Guide.

Working with Amazon FSx file systems

Amazon Backup supports backing up and restoring Amazon FSx file systems. Amazon FSx provides fully managed third-party file systems with the native compatibility and feature sets for workloads. Amazon Backup uses the built-in backup functionality of Amazon FSx. So backups taken from the Amazon Backup console have the same level of file system consistency and performance, and the same restore options as backups that are taken through the Amazon FSx console.

If you use Amazon Backup to manage these backups, you gain additional functionality, such as unlimited retention options, and the ability to create scheduled backups as frequently as every hour. In addition, Amazon Backup retains your backups even after the source file system is deleted. This protects against accidental or malicious deletion.

Use Amazon Backup to protect Amazon FSx file systems if you want to configure backup policies and monitor backup tasks from a central backup console that also extends support for other Amazon services.

For detailed information about Amazon FSx file systems, see the Amazon FSx documentation.

Working with Amazon EC2

Using Amazon Backup, you can schedule or perform on-demand backup jobs that include entire EC2 instances and Windows applications running on Amazon EC2, along with associated configuration data. This limits the need for you to interact with the storage (Amazon EBS) volume. Similarly, you can restore an entire Amazon EC2 instance from a single recovery point. A backup job can only have one resource. So you can have a job to back up an EC2 instance, and it will back up the root volume, all data volumes, and the associated instance configurations.

Amazon Backup does not reboot EC2 instances at any time.

Backing Up Amazon EC2 resources

When backing up an Amazon EC2 instance, Amazon Backup takes a snapshot of the root Amazon EBS storage volume, the launch configurations, and all associated EBS volumes. Amazon Backup stores certain configuration parameters of the EC2 instance, including instance type, security groups, Amazon VPC, monitoring configuration, and tags. The backup data is stored as an Amazon EBS volume-backed Amazon Machine Image (AMI).

You can also back up and restore your VSS-enabled Microsoft Windows applications. You can schedule application-consistent backups, define lifecycle policies, and perform consistent restores as part of an on-demand backup or a scheduled backup plan. For more information, see Creating Windows VSS backups.

Amazon Backup does not back up the following:

  • Configuration of the Elastic Inference accelerator, if it is attached to the instance.

  • User data used when the instance was launched.

Note

For all instance types, only Amazon EBS-backed EC2 instances are supported. Ephemeral storage instances (that is, instance store-backed instances) are not supported.

When an Amazon Backup managed Amazon EC2 AMI (Amazon Machine Image) or Amazon EBS snapshot is deleted via Amazon Backup and you have the Amazon EC2 recycle bin configured, the image or snapshot might incur charges per the Amazon EC2 recycle bin policy. Snapshots and images in the Amazon EC2 recycle bin are no longer managed by Amazon Backup and will not be managed by Amazon Backup policies if you restore them from the recycle bin.

Amazon Backup managed Amazon EBS snapshots and snapshots associated with a Amazon Backup managed Amazon EC2 AMI which have Amazon EBS Snapshot Lock applied may not be deleted as part of the recovery point lifecycle if the snapshot lock duration exceeds the backup lifecycle. Instead, these recovery points will have the status of EXPIRED. These recovery points can be deleted manually if you choose to first remove the Amazon EBS snapshot lock.

Amazon Backup can encrypt EBS snapshots associated with an Amazon EC2 backup. This is similar to how it encrypts EBS snapshots. Amazon Backup uses the same encryption applied on the underlying EBS volumes when creating a snapshot of the Amazon EC2 AMI, and the configuration parameters of the original instance are persisted in the restore metadata.

A snapshot derives its encryption from the volume as you have defined, and the same encryption is applied to the corresponding snapshots. EBS snapshots of a copied AMI will always be encrypted. If you use a KMS key during the copy, the key will be applied. If you don't use a KMS key, a default KMS key is applied.

For detailed information about Amazon EC2, see What is Amazon EC2? in the Amazon EC2 User Guide for Windows Instances.

Working with Amazon EFS

Amazon Backup supports Amazon Elastic File System (Amazon EFS).

For detailed information about Amazon EFS file systems, see What is Amazon Elastic File System? in the Amazon Elastic File System User Guide.

Working with Amazon EBS

Amazon Backup supports Amazon Elastic Block Store (Amazon EBS) volumes.

Amazon Backup managed Amazon EBS snapshots and snapshots associated with a Amazon Backup managed Amazon EC2 AMI which have Amazon EBS Snapshot Lock applied may not be deleted as part of the recovery point lifecycle if the snapshot lock duration exceeds the backup lifecycle. Instead, these recovery points will have the status of EXPIRED. These recovery points can be deleted manually if you choose to first remove the Amazon EBS snapshot lock.

For detailed information about Amazon EBS volumes, see What is Amazon Elastic Block Store (Amazon EBS)? in the Amazon EC2 User Guide for Linux Instances.

For more information, see Creating an Amazon EBS Volume in the Amazon EC2 User Guide for Linux Instances.

Working with Amazon RDS and Aurora

Amazon Backup supports Amazon RDS database engines and Aurora clusters.

For more information about Amazon RDS, see What is Amazon Relational Database Service? in the Amazon RDS User Guide.

For detailed information about Aurora, see What is Amazon Aurora? in the Amazon Aurora User Guide.

Note

If you initiate a backup job from the Amazon RDS console, this can conflict with an Aurora clusters backup job, causing the error Backup job expired before completion. If this occurs, configure a longer backup window in Amazon Backup.

Note

RDS Custom for SQL Server and RDS Custom for Oracle are not currently supported by Amazon Backup.

Note

Amazon does not charge for Aurora snapshots stored inside a backup vault as long as Aurora has automated backups enabled and the retention period for Aurora automated backups is more than the retention period of Aurora snapshots. Any snapshots within the backup vault will be charged if the snapshots’ database is deleted (deletions may occur accidentally or during blue/green deployment).

Large snapshots and frequent backups from a deleted database could result in significant storage charges. Visit the Amazon Backup calculator to estimate potential Amazon Backup charges.

Working with Amazon Storage Gateway

Amazon Backup supports Storage Gateway Volume Gateway. You can also restore Amazon EBS snapshots as Storage Gateway volumes.

Working with Amazon DocumentDB

Amazon Backup supports Amazon DocumentDB clusters.

Working with Amazon Neptune

Amazon Backup supports Amazon Neptune clusters.

Working with Amazon Timestream

Amazon Backup supports Amazon Timestream tables.

Working with Amazon Organizations

Amazon Backup works with Amazon Organizations to simplify cross-account monitoring and management

Working with Amazon CloudFormation

Amazon Backup support Amazon CloudFormation templates and application stacks

Working with Amazon BackInt, Amazon Systems Manager for SAP, and SAP HANA

Amazon Backup works with Amazon BackInt and with SSM for SAP to support SAP HANA backup and restore functions.

How Amazon services back up their own resources

You might refer to the technical documentation for a specific Amazon service's backup and restore process, particularly when, during a restore, you need to configure a new instance of that Amazon service. The following is a list of documenation: