AWS Backup Service for backup and recovery

Backups are essential for restoring your application to a stable state after a disaster. The most common disasters are file deletion, unwanted modification, or other damage to the database. Backups are also important when you are doing maintenance on the system: if something goes wrong during maintenance, your data is safe. The AWS Backup service provides an easy, centralized backup service.

AWS provides different kinds of database services, such as RDS and DynamoDB. These services provide built-in backup functionality themselves. The built-in backups are useful but have a few challenges:

  • No centralized place to manage the backups
  • No centralized place to restore the data
  • Backup configuration options, such as RTO and RPO, are limited
  • No central monitoring
  • Inconsistency of backup policy across different resources

Centralize with AWS Backup Service

AWS Backup helps you manage backups from a central place and automate them based on your requirements. It supports three kinds of services:

  • On-Premises – We can use AWS Backup with the AWS Storage Gateway to back up on-premises data to AWS
  • Cloud-Native – AWS Backup can be used to back up AWS cloud services, which include RDS, DynamoDB, EFS, Storage Gateway, and EBS
  • Hybrid – In a hybrid model, we can combine on-premises and cloud-native resources and manage them centrally

AWS backup service key features

Centralized backup

Each AWS service has its own place to look for and manage backups. AWS Backup provides a central place to manage them: a single console where you can list and manage all backups.


We can monitor backup progress from a single place. This makes it easy to manage backups and understand metrics such as how long a backup takes to complete.


It also supports on-demand backup. This means that whenever you need to take a backup on an as-needed basis, you can use AWS Backup. This keeps on-demand backups in a central place where they are easy to manage.


Depending on your compliance requirements, backup settings such as scheduling and retention management need to be configurable. This is something the built-in services do not provide. AWS Backup lets you change settings such as the retention period and the backup interval, and the same settings can be applied uniformly across all the AWS services.


All of these configurations can be scheduled and automated using the backup service.

Centralized Recovery

With all the backups in a central place, it becomes very easy to recover them from a single central console.

How to backup using AWS backup service?

Let us now look into how the backup service actually works. For this let us look into the different components of backup service and how we backup:

Create a Backup plan

A backup plan is used to define the configurations for the backup. It defines the settings like:

  • The backup interval
  • The retention period for the backup
  • Backup initiation interval and time

Time needed: 5 minutes.

How to create a backup plan with AWS backup service?

  1. Go to AWS backup console

    The first thing you need to do to back up an AWS service is to create a backup plan. You can create a backup plan by going to the backup service in the AWS console: AWS Backup > Backup Plan.
    Here you can see a list of backup plans, if any have been created. The first time there will be no backup plan, so let us create one:

  2. Open the Backup Plan create console

    Create a backup plan by clicking Create Backup plan in the console. This will render a page to create a backup plan.

    Select "Build a new plan" in the start options, so that we can configure the backup based on our needs. Give the backup plan any name you want.

  3. Configure the backup

    Now let us configure the backup plan. A backup plan is configured by giving it a plan name and defining its rules.
    Here we are configuring the plan to run daily, move the backup to cold storage a month after creation, and remove it after a year. The backup window we are using is the default. This can be changed according to the business need. This plan currently stores its backups in the default vault. We will look into how we can create a new vault in the section below.

We now have successfully created a backup plan.

Backup Vault

In this backup plan, we have used the default vault to store our backups. A vault is a place where the backups are stored. These backups can be accessed only by the resources that are defined in the backup vault policy. A backup vault can be encrypted using a KMS key.

Creating a vault is very simple. Enter the vault name and the KMS key for the vault. In this example, we are using the default KMS key.


Once the vault is created, you will be redirected to the vault page. Here you can define or change the access policy. A vault access policy defines what resources will have access to this vault.


Now, you can use this vault instead of the default vault while creating a new backup plan.
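Because the vault access policy decides who can reach the recovery points, it is worth checking before the vault goes into use. The following is an added example, not part of the original post: a small offline audit that flags unconditioned Allow statements open to any principal that cover actions able to delete backups or rewrite the policy. The sample policy and Sids are constructed, and action matching handles exact names and trailing wildcards only.

```python
import json

# Actions that destroy recovery points or weaken the vault's own protection.
DESTRUCTIVE = {
    "backup:DeleteRecoveryPoint", "backup:DeleteBackupVault",
    "backup:UpdateRecoveryPointLifecycle",
    "backup:PutBackupVaultAccessPolicy", "backup:DeleteBackupVaultAccessPolicy",
}

# Constructed sample: one over-broad Allow next to a Deny on deletions.
SAMPLE = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "TooOpen", "Effect": "Allow", "Principal": "*",
     "Action": "backup:*", "Resource": "*"},
    {"Sid": "NoDeletes", "Effect": "Deny", "Principal": "*",
     "Action": "backup:DeleteRecoveryPoint", "Resource": "*"}]})


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _is_public(principal):
    """True for Principal "*" or {"AWS": "*"}."""
    return principal == "*" or (
        isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", [])))


def _matches(pattern, action):
    """IAM action match for exact names and trailing wildcards (backup:Delete*)."""
    pattern, action = pattern.lower(), action.lower()
    if pattern.endswith("*"):
        return action.startswith(pattern[:-1])
    return pattern == action


def audit_vault_policy(policy_json):
    """Return (sid, actions) for Allow statements that let anyone destroy backups."""
    findings = []
    for i, stmt in enumerate(_as_list(json.loads(policy_json)["Statement"])):
        if (stmt.get("Effect") != "Allow" or "Condition" in stmt
                or not _is_public(stmt.get("Principal"))):
            continue  # conditioned statements are left for manual review
        hit = sorted(a for a in DESTRUCTIVE
                     if any(_matches(p, a) for p in _as_list(stmt.get("Action", []))))
        if hit:
            findings.append((stmt.get("Sid", f"statement[{i}]"), hit))
    return findings
```

`audit_vault_policy(SAMPLE)` reports only the `TooOpen` statement; the Deny statement is the kind of rule a vault policy should carry.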


Once the backup plan is in place, go to the newly created backup plan dashboard. In the resource assignment section, create a new resource assignment:


Here you can assign any resource of a supported AWS service. In this example, let us assign an RDS resource:


Create a resource assignment and name it rdsAssignment. We need to specify the IAM role for the backup; here we will be using the default role. In the Assign resources section, set Assign by to Resource ID, set Resource type to RDS, and set Database name to the database you want to back up. Click Add assignment, then click Assign resources. With this, the backup service will start to back up the RDS database automatically.
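The console steps above (a daily plan with a 30-day cold-storage transition and one-year retention, stored in the default vault, plus an RDS resource assignment with the default role) can also be written as the documents the AWS Backup API accepts. This is an added example, not code from the original post; the account ID, database ARN, rule name and plan name are constructed placeholders, and the boto3 call is only made if you invoke `create_plan_and_assign` with credentials configured.

```python
DEFAULT_VAULT = "Default"  # vault that AWS Backup creates automatically
MIN_COLD_DAYS = 90         # a recovery point must spend >= 90 days in cold storage


def build_plan(name, vault=DEFAULT_VAULT, cold_after=30, delete_after=365,
               schedule="cron(0 5 ? * * *)"):
    """Return the BackupPlan document for CreateBackupPlan (one daily rule)."""
    if delete_after < cold_after + MIN_COLD_DAYS:
        raise ValueError(f"DeleteAfterDays={delete_after} must be >= "
                         f"MoveToColdStorageAfterDays={cold_after} + {MIN_COLD_DAYS}")
    return {
        "BackupPlanName": name,
        "Rules": [{
            "RuleName": "DailyBackups",
            "TargetBackupVaultName": vault,
            "ScheduleExpression": schedule,  # daily at 05:00 UTC
            "Lifecycle": {
                "MoveToColdStorageAfterDays": cold_after,
                "DeleteAfterDays": delete_after,
            },
        }],
    }


def build_selection(name, account_id, resource_arns):
    """Return the BackupSelection document that assigns resources by ARN."""
    if not resource_arns or any(not a.startswith("arn:") for a in resource_arns):
        raise ValueError("resource assignment needs one or more full ARNs")
    return {
        "SelectionName": name,
        "IamRoleArn": f"arn:aws:iam::{account_id}:role/service-role/"
                      "AWSBackupDefaultServiceRole",
        "Resources": list(resource_arns),
    }


def create_plan_and_assign(plan, selection):
    """Create the plan, then attach the selection (needs boto3 and credentials)."""
    import boto3  # imported lazily so the builders above run offline
    client = boto3.client("backup")
    plan_id = client.create_backup_plan(BackupPlan=plan)["BackupPlanId"]
    client.create_backup_selection(BackupPlanId=plan_id, BackupSelection=selection)
    return plan_id


if __name__ == "__main__":  # constructed account ID and database ARN
    print(build_plan("daily-plan"))
    print(build_selection("rdsAssignment", "111122223333",
                          ["arn:aws:rds:us-east-1:111122223333:db:mydb"]))
```

The lifecycle check reflects an AWS Backup constraint: the retention period must be at least 90 days longer than the cold-storage transition, so a plan that moves backups to cold storage after 30 days cannot delete them before day 120.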

Supported AWS services for backup:

  1. AWS RDS – By default, RDS provides a 1-day automated backup. This can be changed based on the RPO requirement using the backup service.
  2. AWS DynamoDB – DynamoDB only provides on-demand backup, and the way to automate it is to use the AWS Backup service.
  3. AWS EBS
  4. AWS EFS
  5. AWS Storage Gateway – For on-premises applications, AWS Storage Gateway can be used to back up the data using the AWS Backup service.

The backups are listed in the vault. These are called recovery points. From a recovery point, you can easily restore the database to the point at which the backup was taken. You can monitor the status of backup and recovery jobs in the Jobs section.

To write these backups as IaC, learn about AWS CloudFormation from the next blog: