


AWS Backup Service

08 July,2022 by Rambler

Main Benefits of AWS Backup versus Service-Native Backups

-> Centralised backup service - covers multiple DBMS types - with common Backup Plans

-> Similar experience across different technologies. This DOES NOT mean the restores are all applied in exactly the same manner

-> Lifecycle management is centralised

-> Discrete storage, in case of accidental or malicious destruction of the DBMS

-> Vault replication to multiple regions



Is AWS Backup Service a suitable replacement for the automated RDS service backups? As more services are deployed, it makes sense to think about how to employ an approach which includes more robust inventory, monitoring and compliance policies.

The basic concept of the AWS Backup Service is to create a backup plan and assign AWS resources to it - such as an RDS PostgreSQL instance - by tagging them, which allows AWS Backup to identify the resources and back them up according to the backup plan. A backup plan can manage anything from one resource through to a resource type (e.g. RDS) or several resource types (e.g. RDS, EC2 etc.).

The AWS Backup Service aims to offer a single interface with a similar experience over multiple application types. AWS Backup provides a centralized console, automated backup scheduling, backup retention management, and backup monitoring and alerting.

The setup is very easy, but before setting up, ensure the RPO & RTO are established for the targeted DBMS services which will be backed up. The RPO & RTO will give you the background information required to set up the Backup Plan and assign resources.

Basic Concepts

1) Configure Resources - resource types must be enabled

2) Backup Plan - new or ready-made

3) Backup rules - a backup plan is made up of 1 or more backup rules

4) Backup vault - a container for organizing backups; it can also be used to set the AWS Key Management Service (AWS KMS) key

5) Backup frequency - how often the backup is created

6) Continuous backups to support PITR (point-in-time recovery)

7) Backup Window - Backup Window start & finish

8) Transition to Cold Storage

9) Retention Period - backups are automatically deleted at period end. Snapshots can be retained up to 100 days or indefinitely if a period isn't entered

10) Copy to destination - various options to copy to another region

11) Tags added to recovery points - option to add tags to a backup

12) Resource Assignments - IAM role - Default or Choose an IAM role

13) Resource Assignments - Assign Resources - various options, ranging from all resource types to customizing per resource type. Resource type examples include Aurora, DocumentDB, DynamoDB, EBS, EC2, EFS, RDS, FSx, Neptune, Storage Gateway, S3, VM





Does the AWS Backup service replace automated RDS snapshot backups? According to the documentation - "all existing per-service backup capabilities remain unchanged. RDS/PostgreSQL will automatically backup your database and retain those backups for the length of your retention period, up to 35 days. Backups performed via AWS Backup are considered manual snapshots, and will persist until deleted."

Continuous backups for point-in-time recovery are now available through the AWS Backup Service, although this needs to be enabled. If you don't enable continuous backups, the AWS Backup service will only apply snapshot backups. Previously, you needed to toggle between the AWS Backup Service & RDS console.


Notes on AWS Backup

1) Define a backup policy at an organizational level & automatically apply it at an Account or Region level.

2) Utilize tags. For example, the tag key "Backup" and tag value "Daily" on an RDS DBMS can be defined in the Daily Backup Plan as the values to search for when deciding which resources to back up for that specific backup plan.

3) Backup vault - Secure the Backup Vault so it isn't accidentally deleted.

4) Disaster Recovery - options include cross-region and cross-account.
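The Basic Concepts list and the "Backup" / "Daily" tag note above, put together as an added example (not code from the original post): it builds the backup plan and tag-based resource assignment documents that the boto3 AWS Backup client accepts, and checks the retention settings before anything is created. The plan, rule and selection names, the schedule and the retention values are constructed; the 35-day continuous-backup limit and the 90-day cold-storage minimum are AWS Backup limits that the post does not state.

```python
def build_plan(vault, copy_vault_arn=None):
    """One daily snapshot rule plus one continuous (PITR) rule."""
    daily = {
        "RuleName": "daily-snapshot",
        "TargetBackupVaultName": vault,
        "ScheduleExpression": "cron(0 2 * * ? *)",  # 02:00 UTC daily
        "StartWindowMinutes": 60,                    # backup window start
        "CompletionWindowMinutes": 240,              # backup window finish
        "Lifecycle": {"DeleteAfterDays": 35},        # retention period
        "RecoveryPointTags": {"Plan": "daily-backup-plan"},
    }
    if copy_vault_arn:  # copy to a vault in another region or account
        daily["CopyActions"] = [{"DestinationBackupVaultArn": copy_vault_arn,
                                 "Lifecycle": {"DeleteAfterDays": 35}}]
    pitr = {
        "RuleName": "continuous-pitr",
        "TargetBackupVaultName": vault,
        "ScheduleExpression": "cron(0 2 * * ? *)",
        "EnableContinuousBackup": True,              # off unless enabled
        "Lifecycle": {"DeleteAfterDays": 7},
    }
    return {"BackupPlanName": "daily-backup-plan", "Rules": [daily, pitr]}

def build_selection(role_arn):
    """Assign every resource tagged Backup=Daily to the plan."""
    return {"SelectionName": "tag-backup-daily", "IamRoleArn": role_arn,
            "ListOfTags": [{"ConditionType": "STRINGEQUALS",
                            "ConditionKey": "Backup", "ConditionValue": "Daily"}]}

def validate_plan(plan):
    """Return lifecycle problems worth fixing before the plan is created."""
    problems = []
    for rule in plan["Rules"]:
        life = rule.get("Lifecycle", {})
        keep, cold = life.get("DeleteAfterDays"), life.get("MoveToColdStorageAfterDays")
        if keep is None:
            problems.append(f"{rule['RuleName']}: no retention, kept indefinitely")
        elif rule.get("EnableContinuousBackup") and keep > 35:
            problems.append(f"{rule['RuleName']}: continuous retention over 35 days")
        elif cold is not None and keep < cold + 90:
            problems.append(f"{rule['RuleName']}: retention under cold + 90 days")
    return problems

def apply(plan, selection, region):
    """Create the plan and its selection; needs boto3 and AWS credentials."""
    import boto3  # imported here so the functions above run offline
    client = boto3.client("backup", region_name=region)
    plan_id = client.create_backup_plan(BackupPlan=plan)["BackupPlanId"]
    client.create_backup_selection(BackupPlanId=plan_id, BackupSelection=selection)
    return plan_id
```

Run `validate_plan(build_plan("my-vault"))` first and call `apply` only when it returns an empty list; the vault must already exist and the IAM role ARN passed to `build_selection` is your own.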



1) The AWS Backup service supports cross-account backups.

2) AWS Backup independent encryption is defined as encryption managed by the AWS Backup Vault. Not all AWS services support AWS Backup independent encryption.

For services not supporting AWS Backup independent encryption, the AWS Backup Service process uses the data source key for data encryption, as opposed to the AWS Backup Vault KMS key.




