Updated: Aug 25, 2020
AWS Backup is a fully managed backup service that makes it easy to centralize and automate the backup of data across AWS services in the cloud and on premises.
It provides a fully managed, policy-based backup solution, simplifying your backup management, enabling you to meet your business and regulatory backup compliance requirements.
It provides central configuration of backup policies and monitoring of backup activity.
Backup plans are used to define backup requirements, frequency and occurrence and how long to retain backups.
The service provides 3 types of backups to choose from:
● On-Demand Backup
● Scheduled Backup
● Automatic Backups
AWS Backup can back up resources such as Amazon EBS volumes, Amazon EC2 instances, Amazon RDS databases, Amazon DynamoDB tables, Amazon EFS file systems, and AWS Storage Gateway volumes.
Using it, you can copy backups to multiple AWS Regions on demand or automatically as part of a scheduled backup plan. Cross-Region replication is particularly valuable if you have business continuity or compliance requirements to store backups a minimum distance away from your production data.
Using AWS Backup, you can manage your backups across all your AWS accounts within AWS Organizations. With cross-account management, you can use backup policies to automatically apply backup plans across your accounts. You can also create a backup policy that uses tag-based resource selections, and apply it to all the accounts in your organization, or to individual accounts to protect their local resources.
Backup usage for existing backup capabilities (except Amazon EFS) will continue to be metered and billed by their respective service, and the pricing remains unchanged. There is no additional charge to use the AWS Backup centralized backup features beyond the existing backup storage pricing charged by AWS services, such as Amazon EBS snapshot storage fees. There is no additional charge for Amazon EC2 instance backups.
Keep in mind that restores are more complicated than a single click. You should still practice restoring your data regularly.
If you create a backup, you might expect that all data up to the point in time where the backup was triggered appears in the backup. Most of the services work as expected.
DynamoDB Backup consistency
All backups in DynamoDB work without consuming any provisioned throughput on the table.
DynamoDB backups do not guarantee causal consistency across items; however, the skew between updates in a backup is usually much less than a second.
While a backup is in progress, you can't do the following:
● Pause or cancel the backup operation.
● Delete the source table of the backup.
● Disable backups on a table if a backup for that table is in progress.
EFS Backup consistency
Amazon EFS is designed to be highly available. You can access and modify your Amazon EFS file systems while your backup is occurring in AWS Backup. However, inconsistencies, such as duplicated, skewed, or excluded data, can occur if you make modifications to your file system while the backup is occurring. These modifications include write, rename, move, or delete operations. To ensure consistent backups, we recommend that you pause applications or processes that are modifying the file system for the duration of the backup process. Or, schedule your backups to occur during periods when the file system is not being modified.
A few more words about Amazon EFS backups
Amazon EFS backups are handled differently than the other services because EFS does not have native snapshot or other backup capabilities built into the service. Prior to AWS Backup, Amazon offered two point solutions that have received mixed receptions by customers. For example, Amazon offers an AWS CloudFormation template that deploys an EFS-to-EFS backup solution. This solution uses an EC2 instance that mounts the source file system and copies files to a mounted target file system. The other solution uses AWS Data Pipeline to copy files using rsync.
These are two “side-car” solutions and not native capabilities built into the EFS service and do not have specific APIs that can be called by AWS Backup.
AWS Backup can deliver notifications to SNS. My first impression was that the service does not publish failures to SNS. Failures can happen for many reasons:
● The backup cannot start within the defined time span (StartWindowMinutes)
● The backup cannot complete within the specified period (CompletionWindowMinutes)
● Some other error occurs (e.g., the RDS API throws an error)
AWS includes notifications for backup failures in the 'BACKUP_JOB_COMPLETED' SNS event. There are four different message types: Success, Failed, Stopped and Expired.
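The plan-level settings mentioned in this post (retention, cross-Region copies, and the StartWindowMinutes and CompletionWindowMinutes windows) can be checked before a plan is deployed. The following Python check is an added example, not code from AWS or from the original post; the sample plan, vault names, account ID and finding labels are constructed, and production data is assumed to live in us-east-1.

```python
# Added example: lints the JSON document passed to AWS Backup's CreateBackupPlan.
# Plan names, vault names and the account ID 111122223333 are constructed.

def arn_region(arn):
    """Region field of an ARN: arn:partition:service:region:account:resource."""
    parts = arn.split(":")
    return parts[3] if len(parts) >= 6 else None

def lint_backup_plan(plan, source_region):
    """Return (rule name, finding) pairs for settings the plan leaves weak."""
    findings = []
    for rule in plan.get("Rules", []):
        name = rule.get("RuleName", "<unnamed>")
        # Start/completion windows left implicit are easy to overlook.
        if "StartWindowMinutes" not in rule or "CompletionWindowMinutes" not in rule:
            findings.append((name, "windows-not-set"))
        # Without DeleteAfterDays the plan itself sets no retention period.
        if "DeleteAfterDays" not in rule.get("Lifecycle", {}):
            findings.append((name, "no-retention-limit"))
        # At least one copy must land in a Region other than the source.
        copies = {arn_region(c.get("DestinationBackupVaultArn", ""))
                  for c in rule.get("CopyActions", [])}
        if not copies - {source_region, None}:
            findings.append((name, "no-cross-region-copy"))
    return findings

SAMPLE_PLAN = {  # constructed sample, production data assumed in us-east-1
    "BackupPlanName": "example-plan",
    "Rules": [
        {"RuleName": "daily",
         "TargetBackupVaultName": "primary-vault",
         "ScheduleExpression": "cron(0 3 * * ? *)",
         "StartWindowMinutes": 60,
         "CompletionWindowMinutes": 360,
         "Lifecycle": {"DeleteAfterDays": 35},
         "CopyActions": [{"DestinationBackupVaultArn":
             "arn:aws:backup:eu-west-1:111122223333:backup-vault:dr-vault"}]},
        {"RuleName": "weekly",
         "TargetBackupVaultName": "primary-vault",
         "ScheduleExpression": "cron(0 4 ? * SUN *)",
         "Lifecycle": {},
         "CopyActions": [{"DestinationBackupVaultArn":
             "arn:aws:backup:us-east-1:111122223333:backup-vault:second-vault"}]},
    ],
}

if __name__ == "__main__":
    for rule_name, finding in lint_backup_plan(SAMPLE_PLAN, "us-east-1"):
        print(f"{rule_name}: {finding}")
```

The "weekly" rule is flagged on all three checks because its only copy stays in the source Region and it sets neither windows nor a retention period.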
In summary, I like the idea that AWS Backup will be the single point where we configure and monitor the backups for all data stores. We will follow the AWS announcements for further improvements.