AWS Backup
Developer Guide
Copyright © Amazon Web Services, Inc. and/or its affiliates. All rights reserved.
Amazon's trademarks and trade dress may not be used in connection with any product or service that is not Amazon's, in any manner that is likely to cause confusion among customers, or in any manner that disparages or discredits Amazon. All other trademarks not owned by Amazon are the property of their respective owners, who may or may not be affiliated with, connected to, or sponsored by Amazon.
Table of Contents
What is AWS Backup? ... 1
Supported AWS resources and third-party applications ... 1
Features available for all supported resources ... 2
Feature availability by resource ... 2
Feature availability by AWS Region ... 3
Feature overview ... 5
Centralized backup management ... 5
Policy-based backup ... 5
Tag-based backup policies ... 5
Lifecycle management policies ... 6
Cross-Region backup ... 6
Cross-account management and cross-account backup ... 6
Auditing and reporting with AWS Backup Audit Manager ... 6
Incremental backups ... 7
Full AWS Backup management ... 7
Backup activity monitoring ... 7
Secure your data in backup vaults ... 7
Support for compliance obligations ... 8
Getting started ... 8
How it works ... 9
Working with supported AWS services ... 9
Opt in to managing services with AWS Backup ... 10
Working with Amazon S3 data ... 10
Working with VMware virtual machines ... 10
Working with Amazon DynamoDB ... 11
Working with Amazon FSx file systems ... 11
Working with Amazon EC2 ... 12
Working with Amazon EFS ... 13
Working with Amazon EBS ... 13
Working with Amazon RDS and Aurora ... 13
Working with AWS Storage Gateway ... 13
Working with Amazon DocumentDB ... 13
Working with Amazon Neptune ... 14
How AWS services back up their own resources ... 14
Metering, costs, and billing ... 14
AWS Backup pricing ... 14
AWS Backup billing ... 14
Cost allocation tags ... 15
AWS Backup Audit Manager pricing ... 15
Blogs, videos, tutorials, and other resources ... 15
Setting up AWS for the first time ... 17
Sign up for AWS ... 17
Create an IAM user ... 17
Create an IAM role ... 19
Getting started ... 20
Prerequisites ... 20
Getting started 1: Service Opt-in ... 21
Next steps ... 21
Getting started 2: Create an on-demand backup ... 21
Next steps ... 23
Getting started 3: Create a scheduled backup ... 23
Step 1: Create a backup plan based on an existing one ... 23
Step 2: Assign resources to a backup plan ... 24
Step 3: Create a backup vault ... 24
Next steps ... 25
Getting started 4: Create Amazon EFS automatic backups ... 25
Next steps ... 25
Getting started 5: View your backup jobs and recovery points ... 26
View the status of backup jobs ... 26
View all backups in a vault ... 26
View details of protected resources ... 26
Next steps ... 27
Getting started 6: Restore a backup ... 27
Next steps ... 28
Getting started 7: Create an audit report ... 28
Next steps ... 25
Getting started 8: Clean up resources ... 30
Step 1: Delete restored AWS resources ... 30
Step 2: Delete the backup plan ... 30
Step 3: Delete the recovery points ... 31
Step 4: Delete the backup vault ... 31
Step 5: Delete the report plan ... 31
Step 6: Delete the reports ... 31
Managing backup plans ... 32
Creating a backup plan ... 32
Creating backup plans using the AWS Backup console ... 32
Creating backup plans using a JSON document and the AWS Backup CLI ... 33
Backup plan options and configuration ... 33
AWS CloudFormation templates for backup plans ... 37
Assigning resources ... 39
Assigning resources using the console ... 39
Assigning resources programmatically ... 41
Assigning resources using AWS CloudFormation ... 46
Quotas on resource assignment ... 49
Deleting a backup plan ... 49
Updating a backup plan ... 49
Working with backup vaults ... 50
Creating a backup vault ... 50
Creating a backup vault (console) ... 50
Creating a backup vault (programmatically) ... 50
Backup vault name ... 50
AWS KMS encryption key ... 51
Backup vault tags ... 51
Setting access policies on backup vaults ... 51
Deny access to a resource type in a backup vault ... 52
Deny access to a backup vault ... 52
Deny access to delete recovery points in a backup vault ... 53
AWS Backup Vault Lock ... 54
Locking a backup vault ... 55
Reviewing a backup vault for its AWS Backup Vault Lock configuration ... 56
Deleting AWS Backup Vault Lock during the cooling-off period ... 56
Closing an AWS account with a locked vault ... 57
Achieving defense in depth with AWS Backup Vault Lock and other AWS Backup security features ... 57
Deleting a backup vault ... 57
Working with backups ... 58
Creating a backup ... 58
Creating automatic backups ... 58
Creating on-demand backups ... 58
Backup job statuses ... 58
How incremental backups work ... 59
Access to source resources ... 59
On-demand backups ... 59
Point-in-time recovery ... 60
Creating S3 backups ... 64
Creating virtual machine backups ... 69
Advanced DynamoDB backup ... 80
Creating Windows VSS backups ... 83
Creating Amazon EBS multi-volume, crash-consistent backups ... 84
Copying tags onto backups ... 84
Stopping a backup job ... 85
Copying a backup ... 85
Cross-Region backup ... 85
Cross-account backup ... 87
Viewing a list of backups ... 95
Listing backups by protected resource in the console ... 95
Listing backups by backup vault in the console ... 95
Listing backups programmatically ... 95
Editing a backup ... 96
Deleting backups ... 96
Deleting backups manually ... 97
Troubleshooting manual deletions ... 97
Restoring a backup ... 98
Non-destructive restores ... 98
How to restore ... 98
Restore job statuses ... 98
Restoring S3 data ... 99
Restoring a virtual machine ... 100
Restoring an FSX file system ... 101
Restoring an Amazon EBS volume ... 104
Restoring an EFS file system ... 105
Restoring a DynamoDB table ... 108
Restoring an RDS database ... 110
Restoring an Aurora cluster ... 111
Restoring an EC2 instance ... 113
Restoring a Storage Gateway volume ... 115
Restoring a DocumentDB cluster ... 116
Restoring a Neptune cluster ... 117
Audit backups and create reports with AWS Backup Audit Manager ... 6
Working with audit frameworks ... 119
Choosing your controls ... 119
Turning on resource tracking ... 120
Creating frameworks using the AWS Backup console ... 125
Creating frameworks using the AWS Backup API ... 126
Viewing framework compliance status ... 130
Finding non-compliant resources ... 131
Updating audit frameworks ... 131
Deleting audit frameworks ... 132
Working with audit reports ... 132
Choosing your report template ... 132
Creating report plans using the AWS Backup console ... 136
Creating report plans using the AWS Backup API ... 137
Creating on-demand reports ... 138
Viewing audit reports ... 138
Updating report plans ... 139
Deleting report plans ... 139
Using AWS CloudFormation to deploy AWS Backup Audit Manager resources ... 139
Turn on resource tracking ... 125
Deploy default controls ... 143
Exempt IAM roles from control evaluation ... 144
Create a report plan ... 144
Using AWS Backup Audit Manager with AWS Audit Manager ... 145
AWS Backup Audit Manager controls and remediation ... 145
Backup resources protected by backup plan ... 146
Backup plan minimum frequency and minimum retention ... 146
Backup prevent recovery point manual deletion ... 147
Backup recovery point encrypted ... 147
Backup recovery point minimum retention ... 148
Managing backups across multiple accounts with AWS Organizations ... 149
Creating a management account in Organizations ... 150
Enabling cross-account management ... 150
Creating a backup policy ... 150
Monitoring activities in multiple AWS accounts ... 153
Resource opt-in rules ... 154
Defining policies, policy syntax, and policy inheritance ... 154
Using AWS CloudFormation to provision AWS Backup resources ... 155
In general ... 155
Deploying a backup vault, backup plan, and resource assignment with AWS CloudFormation ... 155
Deploying backup plans with AWS CloudFormation ... 155
Deploying AWS Backup Audit Manager frameworks and report plans with AWS CloudFormation ... 155
Using AWS CloudFormation with AWS Organizations ... 156
Learning more ... 156
Security ... 157
Data protection ... 157
Encryption for backups in AWS Backup ... 158
Identity and access management ... 162
Authentication ... 162
Access control ... 163
IAM service roles ... 168
Managed policies ... 170
Using service-linked roles ... 246
Cross-service confused deputy prevention ... 250
Compliance validation ... 251
Resilience ... 251
Infrastructure security ... 252
AWS PrivateLink ... 252
Considerations for Amazon VPC endpoints ... 252
Creating an interface VPC endpoint ... 253
Using a VPC endpoint ... 253
Creating a VPC endpoint policy ... 253
... 254
Quotas ... 256
Monitoring ... 258
Monitoring AWS Backup events using EventBridge ... 258
Monitor events using EventBridge ... 258
Differences with the AWS Backup notification API ... 279
Monitoring AWS Backup metrics with CloudWatch ... 280
Monitor metrics with CloudWatch ... 280
Differences with the AWS Backup dashboard ... 282
Logging AWS Backup API calls with CloudTrail ... 282
AWS Backup information in CloudTrail ... 283
Understanding AWS Backup log file entries ... 284
Logging cross-account management events ... 286
Using Amazon SNS to Track Events ... 288
Common use cases ... 288
AWS Backup notification APIs ... 288
Examples of events ... 289
AWS Backup notification command examples ... 291
Specifying AWS Backup as a service principal ... 292
Troubleshooting AWS Backup ... 294
Troubleshooting general issues ... 294
Troubleshooting creating resources ... 294
Troubleshooting deleting resources ... 295
AWS Backup API ... 296
Actions ... 296
AWS Backup ... 298
AWS Backup gateway ... 477
Data Types ... 513
AWS Backup ... 514
AWS Backup gateway ... 568
Common Parameters ... 575
Common Errors ... 577
AWS glossary ... 579
Document history ... 580
What is AWS Backup?
AWS Backup is a fully-managed service that makes it easy to centralize and automate data protection across AWS services, in the cloud, and on premises. Using this service, you can configure backup policies and monitor activity for your AWS resources in one place. It allows you to automate and consolidate backup tasks that were previously performed service-by-service, and removes the need to create custom scripts and manual processes. With a few clicks in the AWS Backup console, you can automate your data protection policies and schedules.
AWS Backup does not govern backups you take in your AWS environment outside of AWS Backup.
Therefore, if you want a centralized, end-to-end solution for business and regulatory compliance requirements, start using AWS Backup today.
Supported AWS resources and third-party applications
The following are AWS resources and third-party applications that you can back up and restore using AWS Backup.
Supported resource | Supported resource type
Amazon Elastic Compute Cloud (Amazon EC2) | Amazon EC2 instances (excluding store-backed AMIs)
Windows Volume Shadow Copy Service (VSS) | Windows VSS-supported applications (including Windows Server, Microsoft SQL Server, and Microsoft Exchange Server) on Amazon EC2
Amazon Simple Storage Service (Amazon S3) | Amazon S3 data
Amazon Elastic Block Store (Amazon EBS) | Amazon EBS volumes
Amazon DynamoDB | Amazon DynamoDB tables
Amazon Relational Database Service (Amazon RDS) | Amazon RDS database instances (including all database engines)
Amazon Aurora | Aurora clusters
Amazon Elastic File System (Amazon EFS) | Amazon EFS file systems
FSx for Lustre | FSx for Lustre file systems
FSx for Windows File Server | FSx for Windows File Server file systems
AWS Storage Gateway (Volume Gateway) | AWS Storage Gateway volumes
Amazon DocumentDB | Amazon DocumentDB clusters
Amazon Neptune | Amazon Neptune clusters
Virtual machines | VMware virtual machines
Features available for all supported resources
To use an AWS Backup feature, it must be offered for your supported resource and AWS Region. Use the following sections and tables to determine feature availability.
AWS Backup offers the following features for all of its supported AWS services and third-party applications.
• Automated backup schedules and retention management
• Centralized backup monitoring
• Incremental backups, except for DynamoDB, Aurora, DocumentDB, and Neptune.
• AWS KMS-integrated backup encryption
• Cross-account management with AWS Organizations
• Automated backup audits and reports with AWS Backup Audit Manager
• Write-once, read-many (WORM) with AWS Backup Vault Lock
Feature availability by resource
AWS Backup supports | Cross-Region backup | Cross-account backup | AWS Backup Audit Manager | Incremental backup | Continuous backup and point-in-time restore (PITR) | Full AWS Backup management (p. 7) | Lifecycle to cold storage | Item-level restore‡
EC2 ✓ ✓ ✓ ✓
S3 ✓† ✓ ✓ ✓ ✓
EBS ✓ ✓ ✓ ✓
RDS ✓* ✓* ✓ ✓ ✓
Aurora ✓* ✓* ✓
EFS ✓ ✓ ✓ ✓ ✓ ✓ ✓
FSx for Lustre ✓ ✓ ✓ ✓
FSx for Windows File Server ✓ ✓ ✓ ✓
Storage Gateway ✓ ✓ ✓† ✓
DocumentDB ✓* ✓* ✓
Neptune ✓* ✓* ✓
Windows VSS ✓ ✓ ✓ ✓
Virtual machines ✓ ✓ ✓† ✓ ✓ ✓
DynamoDB without AWS Backup advanced features ✓
DynamoDB with AWS Backup advanced features ✓ ✓ ✓ ✓ ✓
* RDS, Aurora, DocumentDB, and Neptune do not support a single copy action that performs both cross-Region AND cross-account backup. You can choose one or the other. You can also use an AWS Lambda script to listen for the completion of your first copy, perform your second copy, then delete the first copy.
† AWS Backup Audit Manager supports this resource across all controls except Backup resources protected by backup plan (p. 146).
‡ The "item" in an item-level restore varies depending on the supported resource. For example, a file system item is a file or directory, whereas an S3 item is an S3 object. For more information, see the Restoring a backup (p. 98) section for the supported resource.
Feature availability by AWS Region
AWS Backup is available in all the following AWS Regions. AWS Backup features are available in all these Regions unless otherwise noted in the following table.
AWS Backup supports | Cross-Region backup | Cross-account management | Cross-account backup | AWS Backup Audit Manager
South America (São Paulo) Region ✓ ✓ ✓ ✓
Asia Pacific (Sydney) Region ✓ ✓ ✓ ✓
Asia Pacific (Tokyo) Region ✓ ✓ ✓ ✓
Europe (Ireland) Region ✓ ✓ ✓ ✓
US East (Ohio) Region ✓ ✓ ✓ ✓
Europe (London) Region ✓ ✓ ✓ ✓
US West (Oregon) Region ✓ ✓ ✓ ✓
US West (N. California) Region ✓ ✓ ✓ ✓
Asia Pacific (Mumbai) Region ✓ ✓ ✓ ✓
Europe (Paris) Region ✓ ✓ ✓ ✓
Europe (Stockholm) Region ✓ ✓ ✓ ✓
Asia Pacific (Singapore) Region ✓ ✓ ✓ ✓
Canada (Central) Region ✓ ✓ ✓ ✓
Asia Pacific (Seoul) Region ✓ ✓ ✓ ✓
US East (N. Virginia) Region ✓ ✓ ✓ ✓
Europe (Frankfurt) Region ✓ ✓ ✓ ✓
China (Beijing) Region ✓
China (Ningxia) Region ✓
Middle East (Bahrain) Region ✓
Asia Pacific (Hong Kong) Region ✓
Africa (Cape Town) Region
Europe (Milan) Region
Asia Pacific (Osaka) Region ✓ ✓
AWS GovCloud (US-West) ✓ ✓
AWS GovCloud (US-East) ✓ ✓
AWS Backup support for Storage Gateway and Amazon FSx is available in all Regions except Asia Pacific (Osaka) Region.
AWS Backup support for Amazon S3 is available in all Regions except South America (São Paulo) Region, China (Beijing) Region, China (Ningxia) Region, AWS GovCloud (US-West), and AWS GovCloud (US-East) Regions.
Feature overview
AWS Backup provides many features and capabilities, including:
Centralized backup management
AWS Backup provides a centralized backup console, a set of backup APIs, and the AWS Command Line Interface (AWS CLI) to manage backups across the AWS services that your applications use. With AWS Backup, you can centrally manage backup policies that meet your backup requirements. You can then apply them to your AWS resources across AWS services, enabling you to back up your application data in a consistent and compliant manner. The AWS Backup centralized backup console offers a consolidated view of your backups and backup activity logs, making it easier to audit your backups and ensure compliance.
Policy-based backup
With AWS Backup, you can create backup policies known as backup plans. Use these backup plans to define your backup requirements and then apply them to the AWS resources that you want to protect across the AWS services that you use. You can create separate backup plans that each meet specific business and regulatory compliance requirements. This helps ensure that each AWS resource is backed up according to your requirements. Backup plans make it easy to enforce your backup strategy across your organization and across your applications in a scalable manner.
For all the configuration options for backup plans, see Backup plan options and configuration (p. 33).
Tag-based backup policies
You can use AWS Backup to apply backup plans to your AWS resources in a wide variety of ways, including tagging them. Tagging makes it easier to implement your backup strategy across all your applications and to ensure that all your AWS resources are backed up and protected. AWS tags are a great way to organize and classify your AWS resources. Integration with AWS tags enables you to quickly apply a backup plan to a group of AWS resources, so that they are backed up in a consistent and compliant manner.
For all the ways you can assign your resources to backup plans, see Assigning resources to a backup plan (p. 39).
Lifecycle management policies
AWS Backup enables you to meet compliance requirements while minimizing backup storage costs by storing backups in a low-cost cold storage tier. You can configure lifecycle policies that automatically transition backups from warm storage to cold storage according to a schedule that you define.
To see which resources support tiering to cold storage, see Feature availability by resource (p. 2). The cold storage expression is ignored for other backups.
Cross-Region backup
Using AWS Backup, you can copy backups to multiple different AWS Regions on demand or automatically as part of a scheduled backup plan. Cross-Region backup is particularly valuable if you have business continuity or compliance requirements to store backups a minimum distance away from your production data. For more information, see Creating backup copies across AWS Regions.
Cross-account management and cross-account backup
You can use AWS Backup to manage your backups across all AWS accounts inside your AWS Organizations structure. With cross-account management, you can automatically use backup policies to apply backup plans across the AWS accounts within your organization. This makes compliance and data protection efficient at scale and reduces operational overhead. It also helps eliminate manually duplicating backup plans across individual accounts. For more information, see Managing AWS Backup resources across multiple AWS accounts.
You can also copy backups to multiple different AWS accounts inside your AWS Organizations management structure. This way, you can "fan in" backups to a single repository account, then "fan out" backups for greater resilience. For more information, see Creating backup copies across AWS accounts.
Before you can use the cross-account management and cross-account backup features, you must have an existing organization structure configured in AWS Organizations. An organizational unit (OU) is a group of accounts that can be managed as a single entity. AWS Organizations is a list of accounts that can be grouped into organizational units and managed as a single entity.
Auditing and reporting with AWS Backup Audit Manager
AWS Backup Audit Manager helps you simplify data governance and compliance management of your backups across AWS. AWS Backup Audit Manager provides built-in, customizable controls that you can align with your organizational requirements. You can also use these controls to automatically track your backup activities and resources.
AWS Backup Audit Manager can help you locate specific activities and resources that are not yet compliant with the controls that you defined. It also generates daily reports that you can use to demonstrate evidence of compliance with your controls over time.
To include your backup compliance alongside your overall compliance posture, you can automatically import AWS Backup Audit Manager findings into AWS Audit Manager.
Incremental backups
AWS Backup efficiently stores your periodic backups incrementally. The first backup of an AWS resource backs up a full copy of your data. For each successive incremental backup, only the changes to your AWS resources are backed up. Incremental backups enable you to benefit from the data protection of frequent backups while minimizing storage costs.
For a list of which resources support incremental backups, see Feature availability by resource (p. 2).
Full AWS Backup management
Some resource types support full AWS Backup management. The benefits of full AWS Backup management include:
• Independent encryption. AWS Backup automatically encrypts your backups with the KMS key of your AWS Backup vault, instead of using the same encryption key as your source resource. This increases your layers of defense. See Encryption for backups in AWS Backup (p. 158) for more information.
• awsbackup Amazon Resource Names (ARNs). Backup ARNs begin with arn:aws:backup instead of arn:aws:source-resource. This allows you to create access policies that apply specifically to backups and not the source resources. See Access control (p. 163) for more information.
• Centralized backup billing and Cost Explorer cost allocation tags. Charges for AWS Backup (including storage, data transfers, restores, and early deletion) appear under "Backup" in your Amazon Web Services bill, instead of appearing under each supported resource. You can also use Cost Explorer cost allocation tags to track and optimize your backup costs. See Metering, costs, and billing (p. 14) for more information.
To see which resource types are eligible for full AWS Backup management, see Feature availability by resource (p. 2).
Backup activity monitoring
AWS Backup provides a dashboard that makes it simple to audit backup and restore activity across AWS services. With just a few clicks on the AWS Backup console, you can view the status of recent backup jobs. You can also restore jobs across AWS services to ensure that your AWS resources are properly protected.
AWS Backup integrates with Amazon CloudWatch and Amazon EventBridge. CloudWatch allows you to track metrics and create alarms. EventBridge allows you to view and monitor AWS Backup events. For more information, see Monitoring AWS Backup events using EventBridge and Monitoring AWS Backup metrics with CloudWatch.
AWS Backup integrates with AWS CloudTrail. CloudTrail gives you a consolidated view of backup activity logs that make it quick and easy to audit how your resources are backed up. AWS Backup also integrates with Amazon Simple Notification Service (Amazon SNS), providing you with backup activity notifications, such as when a backup succeeds or a restore has been initiated. For more information, see Logging AWS Backup API calls with CloudTrail and Using Amazon SNS to track AWS Backup events.
Secure your data in backup vaults
The content of each AWS Backup backup is immutable, meaning that no one can alter that content. AWS Backup further secures your backups in backup vaults, which separates them safely from their source instances. For example, your vault will retain your Amazon EC2 and Amazon EBS backups according to the lifecycle policy you choose, even if you delete the source Amazon EC2 instance and Amazon EBS volumes.
Backup vaults offer encryption and resource-based access policies that let you define who has access to your backups. You can define access policies for a backup vault that define who has access to the backups within that vault and what actions they can take. This provides a simple and secure way to control access to your backups across AWS services. To review AWS and customer managed policies for AWS Backup, see Managed policies for AWS Backup.
You can use AWS Backup Vault Lock to prevent anyone (including you) from deleting backups or altering their retention period. AWS Backup Vault Lock helps you enforce a write-once-read-many (WORM) model and add another layer of defense to your defense in depth. To get started, see AWS Backup Vault Lock.
Support for compliance obligations
AWS Backup helps you meet your global compliance obligations. AWS Backup is in scope of the following AWS compliance programs:
• FedRAMP High
• GDPR
• SOC 1, 2, and 3
• PCI
• HIPAA
• and many more
Getting started
To learn more about AWS Backup, we recommend that you start with Getting started with AWS Backup (p. 20).
AWS Backup: How it works
AWS Backup is a fully managed backup service that makes it easy to centralize and automate the backing up of data across AWS services. With AWS Backup, you can create backup policies called backup plans.
You can use these plans to define your backup requirements, such as how frequently to back up your data and how long to retain those backups.
AWS Backup lets you apply backup plans to your AWS resources by simply tagging them. AWS Backup then automatically backs up your AWS resources according to the backup plan that you defined.
The following sections describe how AWS Backup works, its implementation details, and security considerations.
Topics
• How AWS Backup works with supported AWS services (p. 9)
• Metering, costs, and billing (p. 14)
• AWS Backup blogs, videos, tutorials, and other resources (p. 15)
How AWS Backup works with supported AWS services
Some AWS Backup-supported AWS services offer their own, stand-alone backup features. Those features are available to you independent of whether you use AWS Backup. However, the backups other AWS services create are not available for central governance through AWS Backup.
To configure AWS Backup to centrally manage data protection for all your supported services, you must opt in to managing that service with AWS Backup, create an on-demand backup or schedule backups using a backup plan, and store your backups in backup vaults.
Topics
• Opt in to managing services with AWS Backup (p. 10)
• Working with Amazon S3 data (p. 10)
• Working with VMware virtual machines (p. 10)
• Working with Amazon DynamoDB (p. 11)
• Working with Amazon FSx file systems (p. 11)
• Working with Amazon EC2 (p. 12)
• Working with Amazon EFS (p. 13)
• Working with Amazon EBS (p. 13)
• Working with Amazon RDS and Aurora (p. 13)
• Working with AWS Storage Gateway (p. 13)
• Working with Amazon DocumentDB (p. 13)
• Working with Amazon Neptune (p. 14)
• How AWS services back up their own resources (p. 14)
Opt in to managing services with AWS Backup
When new AWS services become available, you must enable AWS Backup to use those services. If you try to create an on-demand backup or backup plan using resources from a service that is not enabled, you receive an error message and cannot complete the process.
Note
Service opt-in settings are Region-specific. If you change the AWS Region that you're using, you must reconfigure the services that you use with AWS Backup.
To configure the services used with AWS Backup
1. Open the AWS Backup console at https://console.aws.amazon.com/backup.
2. In the navigation pane, choose Settings.
3. On the Service opt-in page, choose Configure resources.
4. Use the toggle switches to enable or disable the services used with AWS Backup.
Important
RDS, Aurora, Neptune, and DocumentDB share the same Amazon Resource Name (ARN).
Opting in to manage one of these resource types with AWS Backup opts in to all of them.
Regardless, we recommend you opt in all of them to accurately represent your opt-in status.
5. Choose Confirm.
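Because opt-in is set per Region and RDS, Aurora, Neptune, and DocumentDB opt in together, it is easy to end up with a Region where a resource type is silently unprotected or where the toggles misstate what is actually opted in. The following check is an added example, not code from this guide: it audits per-Region opt-in maps shaped like the ResourceTypeOptInPreference field of `aws backup describe-region-settings`. The function names, the `REQUIRED` set, and the sample data are constructed for illustration.

```python
"""Audit AWS Backup service opt-in settings across Regions (added example)."""

# Resource types that the guide says share one ARN: opting in to any one of
# them opts in to all of them.
SHARED_ARN_FAMILY = ("RDS", "Aurora", "Neptune", "DocumentDB")

# Resource types this hypothetical organization requires to be opted in.
REQUIRED = {"EBS", "EC2", "EFS", "RDS", "Aurora", "S3"}

# Constructed sample data. Live data could be collected per Region with
# boto3.client("backup", region_name=r).describe_region_settings()
# and reading its "ResourceTypeOptInPreference" map.
SAMPLE_SETTINGS = {
    "us-east-1": {"EBS": True, "EC2": True, "EFS": True, "S3": True,
                  "RDS": True, "Aurora": True, "Neptune": True,
                  "DocumentDB": True},
    "eu-west-1": {"EBS": True, "EC2": True, "EFS": False, "S3": True,
                  "RDS": True, "Aurora": False, "Neptune": False,
                  "DocumentDB": False},
    # S3 is left out here to model a Region whose settings do not list it.
    "sa-east-1": {"EBS": True, "EC2": False, "EFS": True,
                  "RDS": False, "Aurora": False, "Neptune": False,
                  "DocumentDB": False},
}


def effective_opt_in(prefs):
    """Return the opt-in map with the shared-ARN rule applied.

    If any member of the RDS/Aurora/Neptune/DocumentDB family is enabled,
    every listed member is treated as enabled.
    """
    effective = dict(prefs)
    family_on = any(prefs.get(rt, False) for rt in SHARED_ARN_FAMILY)
    for rt in SHARED_ARN_FAMILY:
        if rt in prefs:
            effective[rt] = family_on
    return effective


def audit_opt_in(settings_by_region, required):
    """Return a list of (region, resource_type, issue) findings.

    issue is one of:
      "disabled"        - required type is listed but not opted in
      "not-listed"      - required type is absent from the Region's settings
      "family-mismatch" - shared-ARN toggles disagree, so the displayed
                          status does not match the effective status
    """
    findings = []
    for region in sorted(settings_by_region):
        prefs = settings_by_region[region]
        effective = effective_opt_in(prefs)
        for rt in sorted(required):
            if rt not in prefs:
                findings.append((region, rt, "not-listed"))
            elif not effective[rt]:
                findings.append((region, rt, "disabled"))
        family = {rt: prefs[rt] for rt in SHARED_ARN_FAMILY if rt in prefs}
        if len(set(family.values())) > 1:
            off = "/".join(sorted(rt for rt, on in family.items() if not on))
            findings.append((region, off, "family-mismatch"))
    return findings


if __name__ == "__main__":
    for region, resource, issue in audit_opt_in(SAMPLE_SETTINGS, REQUIRED):
        print(f"{region:12} {resource:28} {issue}")
```
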
Working with Amazon S3 data
AWS Backup offers fully-managed backup and restore for Amazon S3 backups. To learn more, see Creating S3 backups (p. 64).
• How to back up resources: Getting started with AWS Backup (p. 20)
• How to restore Amazon S3 data using AWS Backup: Restoring S3 data (p. 99)
For detailed information about S3 data, see the Amazon S3 documentation.
Working with VMware virtual machines
AWS Backup supports centralized and automated data protection for on-premises VMware virtual machines (VMs) along with VMs in the VMware Cloud™ (VMC) on AWS. You can back up from your on premises and VMC virtual machines to AWS Backup. Then, you can restore from AWS Backup to either on premises or VMC.
Backup gateway is downloadable AWS Backup software that you deploy to your VMware VMs to connect them to AWS Backup. The gateway connects to your VM management server to discover your VMs, encrypts data, and efficiently transfers data to AWS Backup. The following diagram illustrates how Backup gateway connects to your VMs:
• How to back up resources: Creating virtual machine backups (p. 69)
• How to restore virtual machines: Restoring a virtual machine (p. 100)
Working with Amazon DynamoDB
AWS Backup supports backing up and restoring Amazon DynamoDB tables. DynamoDB is a fully managed NoSQL database service that provides fast and predictable performance with seamless scalability.
Since its launch, AWS Backup has always supported DynamoDB. Starting November 2021, AWS Backup also introduced advanced features for DynamoDB backups. Those advanced features include copying your backups across AWS Regions and accounts, tiering backups to cold storage, and using tags for permissions and cost management.
New AWS Backup customers onboarding after November 2021 will have advanced DynamoDB backup features enabled by default.
We recommend all existing AWS Backup customers enable advanced features for DynamoDB. There is no difference in warm backup storage pricing after you enable advanced features, and you can save money by tiering backups to cold storage and optimize your costs by using cost allocation tags.
For a full list of advanced features and how to enable them, see Advanced DynamoDB backup (p. 80).
• How to back up resources: Getting started with AWS Backup (p. 20)
• How to restore DynamoDB resources: Restoring an Amazon DynamoDB table (p. 108)
For detailed information about DynamoDB, see What is Amazon DynamoDB? in the Amazon DynamoDB Developer Guide.
Working with Amazon FSx file systems
AWS Backup supports backing up and restoring Amazon FSx file systems. Amazon FSx provides fully managed third-party file systems with the native compatibility and feature sets for workloads. AWS Backup uses the built-in backup functionality of Amazon FSx. So backups taken from the AWS Backup console have the same level of file system consistency and performance, and the same restore options as backups that are taken through the Amazon FSx console.
If you use AWS Backup to manage these backups, you gain additional functionality, such as unlimited retention options, and the ability to create scheduled backups as frequently as every hour. In addition, AWS Backup retains your backups even after the source file system is deleted. This protects against accidental or malicious deletion.
Use AWS Backup to protect Amazon FSx file systems if you want to configure backup policies and monitor backup tasks from a central backup console that also extends support for other AWS services.
• How to back up resources: Getting started with AWS Backup (p. 20)
• How to restore Amazon FSx resources: Restoring an FSX file system (p. 101)
For detailed information about Amazon FSx file systems, see the Amazon FSx documentation.
Working with Amazon EC2
Using AWS Backup, you can schedule or perform on-demand backup jobs that include entire EC2 instances and Windows applications running on Amazon EC2, along with associated configuration data.
This limits the need for you to interact with the storage (Amazon EBS) volume. Similarly, you can restore an entire Amazon EC2 instance from a single recovery point. A backup job can only have one resource. So you can have a job to back up an EC2 instance, and it will back up the root volume, all data volumes, and the associated instance configurations.
AWS Backup does not reboot EC2 instances at any time.
Backing Up Amazon EC2 resources
When backing up an Amazon EC2 instance, AWS Backup takes a snapshot of the root Amazon EBS storage volume, the launch configurations, and all associated EBS volumes. AWS Backup stores certain configuration parameters of the EC2 instance, including instance type, security groups, Amazon VPC, monitoring configuration, and tags. The backup data is stored as an Amazon EBS volume-backed Amazon Machine Image (AMI).
You can also back up and restore your VSS-enabled Microsoft Windows applications. You can schedule application-consistent backups, define lifecycle policies, and perform consistent restores as part of an on-demand backup or a scheduled backup plan. For more information, see Creating Windows VSS backups (p. 83).
AWS Backup does not back up the following:
• Configuration of the Elastic Inference accelerator, if it is attached to the instance.
• User data used when the instance was launched.
Note
For all instance types, only Amazon EBS-backed EC2 instances are supported. Ephemeral storage instances (that is, instance store-backed instances) are not supported.
AWS Backup can encrypt EBS snapshots associated with an Amazon EC2 backup. This is similar to how it encrypts EBS snapshots. AWS Backup uses the same encryption applied on the underlying EBS volumes when creating a snapshot of the Amazon EC2 AMI, and the configuration parameters of the original instance are persisted in the restore metadata.
A snapshot derives its encryption from the volume as you have defined, and the same encryption is applied to the corresponding snapshots. EBS snapshots of a copied AMI will always be encrypted. If you use a KMS key during the copy, the key will be applied. If you don't use a KMS key, a default KMS key is applied.
• How to back up resources: Getting started with AWS Backup (p. 20)
• How to restore Amazon EC2 resources: Restoring an Amazon EC2 instance (p. 113)
For detailed information about Amazon EC2, see What is Amazon EC2? in the Amazon EC2 User Guide for Windows Instances.
Working with Amazon EFS
AWS Backup supports Amazon Elastic File System (Amazon EFS).
• How to back up resources: Getting started with AWS Backup (p. 20)
• How to restore Amazon EFS resources: Restoring an Amazon EFS file system (p. 105)
For detailed information about Amazon EFS file systems, see What is Amazon Elastic File System? in the Amazon Elastic File System User Guide.
Working with Amazon EBS
AWS Backup supports Amazon Elastic Block Store (Amazon EBS) volumes.
• How to back up resources: Getting started with AWS Backup (p. 20)
• How to restore Amazon EBS volumes: Restoring an Amazon EBS volume (p. 104)
For detailed information about Amazon EBS volumes, see What is Amazon Elastic Block Store (Amazon EBS)? in the Amazon EC2 User Guide for Linux Instances.
For more information, see Creating an Amazon EBS Volume in the Amazon EC2 User Guide for Linux Instances.
Working with Amazon RDS and Aurora
AWS Backup supports Amazon RDS database engines and Aurora clusters.
• How to back up resources: Getting started with AWS Backup (p. 20)
• How to restore Amazon RDS resources: Restoring an RDS database (p. 110)
• How to restore Aurora clusters: Restoring an Amazon Aurora cluster (p. 111)
For more information about Amazon RDS, see What is Amazon Relational Database Service? in the Amazon RDS User Guide.
For detailed information about Aurora, see What is Amazon Aurora? in the Amazon Aurora User Guide.
Note
If you initiate a backup job from the Amazon RDS console, this can conflict with an Aurora cluster backup job, causing the error "Backup job expired before completion". If this occurs, configure a longer backup window in AWS Backup.
Working with AWS Storage Gateway
AWS Backup supports Storage Gateway Volume Gateway. You can also restore Amazon EBS snapshots as Storage Gateway volumes.
• How to back up resources: Getting started with AWS Backup (p. 20)
• How to restore Storage Gateway resources: Restoring a Storage Gateway volume (p. 115).
Working with Amazon DocumentDB
AWS Backup supports Amazon DocumentDB clusters.
• How to back up resources: Getting started with AWS Backup (p. 20)
• How to restore Amazon DocumentDB clusters: Restoring a DocumentDB cluster (p. 116).
Working with Amazon Neptune
AWS Backup supports Amazon Neptune clusters.
• How to back up resources: Getting started with AWS Backup (p. 20)
• How to restore Amazon Neptune clusters: Restoring a Neptune cluster (p. 117).
How AWS services back up their own resources
You might refer to the technical documentation for a specific AWS service's backup and restore process, particularly when, during a restore, you need to configure a new instance of that AWS service. The following is a list of documentation:
• Amazon EC2 Related Services
• Using AWS Backup with Amazon EFS
• On-Demand Backup and Restore for DynamoDB
• Amazon EBS Snapshots
• Backing Up and Restoring Amazon RDS DB Instances
• Overview of Backing Up and Restoring an Aurora DB Cluster
• Using AWS Backup with FSx for Windows File Server
• Using AWS Backup with FSx for Lustre
• Backing Up Your Volumes in AWS Storage Gateway
• Backing Up and Restoring in Amazon DocumentDB
• Backing Up and Restoring an Amazon Neptune Cluster
Metering, costs, and billing
AWS Backup pricing
Current AWS Backup prices are available at AWS Backup pricing.
Important
To avoid additional charges, configure your retention policy with a warm storage duration of at least one week.
For example, assume you take daily backups and retain them for one day. Further, assume that your protected resources are so large it takes the entire day to complete your backup.
AWS Backup implements your retention period of one day and removes your backup from warm storage when your backup job completes. The next day, AWS Backup cannot create an incremental backup because you have no backup in warm storage. Since this retention period did not follow best practices, you run the risk and expense of creating a full backup every day.
Ask your technical account manager or solutions architect for guidance around your use case.
AWS Backup billing
When a resource type supports full AWS Backup management, charges for AWS Backup activity (including storage, data transfers, restores, and early deletion) appear in the "Backup" section of your Amazon Web Services bill. For a list of services that support full AWS Backup management, see the Full AWS Backup management section in the Feature availability by resource (p. 2) table.
When a resource type does not support full AWS Backup management, some of your AWS Backup activity, such as storage costs for your backups, might be billed by the respective AWS service.
Cost allocation tags
You can use cost allocation tags to track and optimize AWS Backup costs on a detailed level, and view and filter those tags using AWS Cost Explorer, as long as the resource type supports full AWS Backup management. For a list of those resource types, see the Full AWS Backup management section in the Feature availability by resource (p. 2) table.
To use cost allocation tags, see Automating backups and optimizing backup costs for Amazon EFS using AWS Backup and Using Cost Allocation Tags.
AWS Backup Audit Manager pricing
AWS Backup Audit Manager charges for usage based on the number of control evaluations. A control evaluation is the evaluation of one resource against one control. Control evaluation charges appear on your AWS Backup bill. For current control evaluation pricing, see AWS Backup pricing.
To use AWS Backup Audit Manager controls, you must enable AWS Config recording to track your backup activity. AWS Config charges for each configuration item recorded, and these charges appear on your AWS Config bill. For current configuration item recorded pricing, see AWS Config pricing.
AWS Backup blogs, videos, tutorials, and other resources
For more information about AWS Backup, see the following:
• Obtain aggregated daily cross-account multi-Region AWS Backup reporting. With Wali Akbari and Sabith Venkitachalapathy (Feb. 2022).
• Automate visibility of backup findings using AWS Backup and AWS Security Hub. With Kanishk Mahajan (Jan. 2022).
• Top 10 security best practices for securing backups in AWS. With Ibukun Oyewumi (Jan. 2022).
• Optimizing SAS Grid on AWS with FSx for Lustre (and optimizing disaster recovery using AWS Backup). With Matt Saeger and Shea Lutton (Jan. 2022).
• Centralizing data protection and compliance in Amazon Neptune with AWS Backup. With Brian O'Keefe (Nov. 2021).
• Manage backup and restore of Amazon DocumentDB (with MongoDB compatibility) with AWS Backup. With Karthik Vijayraghavan (Nov. 2021).
• Simplify auditing your data protection policies with AWS Backup Audit Manager. With Jordan Bjorkman and Harshitha Putta (Nov. 2021).
• Enhance the security posture of your backups with AWS Backup Vault Lock. With Rolland Miller (Oct. 2021).
• How to retain resource tags in AWS Backup restore jobs. With Ibukun Oyewumi, Amee Shah, and Sabith Venkitachalapathy (Sep. 2021).
• Managing access to backups using service control policies with AWS Backup. With Sabith Venkitachalapathy and Ibukun Oyewumi (Aug. 2021).
• Automate centralized backup at scale across AWS services using AWS Backup. With Ibukun Oyewumi and Sabith Venkitachalapathy (Jul. 2021).
• Blog: How to simplify Microsoft SQL Server backup using AWS Backup and VSS. With Siavash Irani and Sepehr Samiei (Jul. 2021).
• Automate data recovery validation with AWS Backup. With Mahanth Jayadeva (Jun. 2021).
• Configuring notifications to monitor AWS Backup jobs. With Virgil Ennes (Jun. 2021).
• Automating backups and optimizing backup costs for Amazon EFS using AWS Backup. With Prachi Gupta and Rohit Verma (Jun. 2021).
• Manage Amazon EFS backup costs: AWS Backup support for cost allocation tags. With Aditya Maruvada (May 2021).
• Create and share encrypted backups across accounts and Regions using AWS Backup. With Prachi Gupta (May 2021).
• AWS Backup is now FedRAMP High approved for your compliance and data protection needs. With Andy Grimes (May 2021).
• ZS Associates enhances backup efficiency with AWS Backup. With Mitesh Naik, Hiranand Mulchandani, and Sushant Jadhav (May 2021).
• Tutorial: Amazon EBS Backup and Restore using AWS Backup. With Fathima Kamal (Apr. 2021).
• Video Tutorial: Managing Cross-Region Copies of Backups. With David DeLuca (Apr. 2021).
• Delete multiple AWS Backup recovery points using AWS Tools for PowerShell. With Sherif Talaat (Apr. 2021).
• Cross-region and cross-account backups for Amazon FSx using AWS Backup. With Adam Hunter and Fathima Kamal (Apr. 2021).
• Amazon CloudWatch Events and Metrics for AWS Backup. With Rolland Miller (Mar. 2021).
• Tutorial: Amazon Relational Database Service (RDS) Backup and Restore using AWS Backup. With Fathima Kamal (Mar. 2021).
• Point-in-time recovery and continuous backup for Amazon RDS with AWS Backup. With Kelly Griffin (Mar. 2021).
• Automate AWS Backup with AWS Service Catalog. With John Husemoller (Jan. 2021).
• Secure data recovery with cross-account backup and Cross-Region copy using AWS Backup. With Cher Simon (Jan. 2021).
• AWS re:Invent recap: Data protection and compliance with AWS Backup. With Nancy Wang (Dec. 2020).
• AWS Backup provides centralized data protection across your AWS resources. With Nancy Wang (Nov. 2020).
• Tech Talk: Data protection at scale with AWS Backup. With Kareem Behairy (Sep. 2020).
• Centralized cross-account management with cross-Region copy using AWS Backup. With Cher Simon (Sep. 2020).
• Video Tutorial: Managing backups at scale in your AWS Organizations using AWS Backup. With Ildar Sharafeev (Jul. 2020).
• Managing backups at scale in your AWS Organizations using AWS Backup. With Nancy Wang, Avi Drabkin, Ganesh Sundaresan, and Vikas Shah (Jun. 2020).
• Recover Amazon EFS files and folders with AWS Backup. With Abrar Hussain and Gurudath Pai (May 2020).
• Scheduling automated backups using Amazon EFS and AWS Backup. With Rob Barnes (Dec. 2019).
• re:Invent Recording: AWS re:Invent 2019: Deep dive on AWS Backup ft. Rackspace. With Nancy Wang and Jason Pavao (Dec. 2019).
• Protecting your data with AWS Backup. With Anthony Fiore (Jul. 2019).
• Marketing Video: Introducing AWS Backup. Jan. 2019.
• Video: Introduction to AWS Backup. With AWS Training and Certification.
Setting up AWS for the first time
Before you use AWS Backup for the first time, complete the following tasks:
1. Sign up for AWS (p. 17)
2. Create an IAM user (p. 17)
3. Create an IAM role (p. 19)
Sign up for AWS
When you sign up for Amazon Web Services (AWS), your AWS account is automatically signed up for all services in AWS, including AWS Backup. You are charged only for the services that you use.
For more information about AWS Backup usage rates, see the AWS Backup Pricing page.
If you have an AWS account already, skip to the next task. If you don't have an AWS account, use the following procedure to create one.
To create an AWS account
1. Open https://portal.aws.amazon.com/billing/signup.
2. Follow the online instructions.
Part of the sign-up procedure involves receiving a phone call and entering a verification code on the phone keypad.
Note your AWS account number, because you'll need it for the next task.
Create an IAM user
Services in AWS, such as AWS Backup, require that you provide credentials when you access them, so that the service can determine whether you have permissions to access its resources. AWS recommends that you do not use the AWS account root user to make requests. Instead, create an IAM user, and grant that user full access. We refer to these users as administrator users. You can use the admin user credentials, instead of the AWS account root user credentials, to interact with AWS and perform tasks, such as create a bucket, create users, and grant them permissions. For more information, see AWS account Root User Credentials vs. IAM User Credentials in the AWS General Reference and IAM Best Practices in the IAM User Guide.
If you signed up for AWS but have not created an IAM user for yourself, you can create one using the IAM console.
To create an administrator user for yourself and add the user to an administrators group (console)
1. Sign in to the IAM console as the account owner by choosing Root user and entering your AWS account email address. On the next page, enter your password.
Note
We strongly recommend that you adhere to the best practice of using the Administrator IAM user that follows and securely lock away the root user credentials. Sign in as the root user only to perform a few account and service management tasks.
2. In the navigation pane, choose Users and then choose Add user.
3. For User name, enter Administrator.
4. Select the check box next to AWS Management Console access. Then select Custom password, and then enter your new password in the text box.
5. (Optional) By default, AWS requires the new user to create a new password when first signing in. You can clear the check box next to User must create a new password at next sign-in to allow the new user to reset their password after they sign in.
6. Choose Next: Permissions.
7. Under Set permissions, choose Add user to group.
8. Choose Create group.
9. In the Create group dialog box, for Group name enter Administrators.
10. Choose Filter policies, and then select AWS managed - job function to filter the table contents.
11. In the policy list, select the check box for AdministratorAccess. Then choose Create group.
Note
You must activate IAM user and role access to Billing before you can use the AdministratorAccess permissions to access the AWS Billing and Cost Management console. To do this, follow the instructions in step 1 of the tutorial about delegating access to the billing console.
12. Back in the list of groups, select the check box for your new group. Choose Refresh if necessary to see the group in the list.
13. Choose Next: Tags.
14. (Optional) Add metadata to the user by attaching tags as key-value pairs. For more information about using tags in IAM, see Tagging IAM entities in the IAM User Guide.
15. Choose Next: Review to see the list of group memberships to be added to the new user. When you are ready to proceed, choose Create user.
You can use this same process to create more groups and users and to give your users access to your AWS account resources. To learn about using policies that restrict user permissions to specific AWS resources, see Access management and Example policies.
To sign in as this new IAM user, sign out of the AWS Management Console. Then use the following URL, where your_aws_account_id is your AWS account number without the hyphens (for example, if your AWS account number is 1234-5678-9012, your AWS account ID is 123456789012):
https://your_aws_account_id.signin.aws.amazon.com/console/
Enter the IAM user name and password that you just created. When you're signed in, the navigation bar displays your_user_name@your_aws_account_id.
If you don't want the URL for your sign-in page to contain your AWS account ID, you can create an account alias. From the IAM dashboard, click Create Account Alias and enter an alias, such as your company name. To sign in after you create an account alias, use the following URL:
https://your_account_alias.signin.aws.amazon.com/console/
To verify the sign-in link for IAM users for your account, open the IAM console and check under AWS account Alias on the dashboard.
Create an IAM role
You can use the IAM console to create an IAM role that grants AWS Backup permissions to access supported resources. After you create the IAM role, you will create and attach policies to the role.
To create an IAM role with the console
1. Sign in to the AWS Management Console and open the IAM console.
2. In the IAM console, choose Roles in the navigation pane, and choose Create role.
3. Choose AWS Service Roles, and then choose Select for AWS Backup. Choose Next: Permissions.
4. On the Attach permissions policies page, check both AWSBackupServiceRolePolicyForBackup and AWSBackupServiceRolePolicyForRestores. These AWS managed policies grant AWS Backup permission to back up and restore all supported AWS resources. To learn more about managed policies and view examples, see Managed Policies.
Then, choose Next: Tags.
5. Choose Next: Review.
6. For Role Name, type a name that describes the purpose of this role. Role names must be unique within your AWS account. Because various entities might reference the role, you cannot edit the name of the role after you create it.
Choose Create Role.
7. On the Roles page, choose the role that you created to open its details page.
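The role created above should be assumable only by the AWS Backup service and carry the two managed policies from step 4. The following is an added example, not part of the AWS guide: a small audit over a role's trust policy and attached policy ARNs (the shapes IAM returns for a role). The finding codes, function names and sample documents are constructed for illustration; the trust principal backup.amazonaws.com and the service-role policy ARNs are the standard AWS values.

```python
"""Audit an AWS Backup service role: who can assume it and what is attached.

Added example. Sample policy documents below are constructed, not taken
from a real account. Condition blocks in the trust policy are not evaluated.
"""

BACKUP_SERVICE = "backup.amazonaws.com"
REQUIRED_POLICIES = (
    "arn:aws:iam::aws:policy/service-role/AWSBackupServiceRolePolicyForBackup",
    "arn:aws:iam::aws:policy/service-role/AWSBackupServiceRolePolicyForRestores",
)
# IAM action names are case-insensitive, so compare in lower case.
ASSUME_ACTIONS = {"sts:assumerole", "sts:*", "*"}


def _as_list(value):
    """IAM allows a single value or a list in most policy fields."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def trusted_principals(trust_policy):
    """Return (kind, value) for every principal an Allow statement lets assume the role."""
    principals = []
    for stmt in _as_list(trust_policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        actions = {a.lower() for a in _as_list(stmt.get("Action"))}
        if not actions & ASSUME_ACTIONS:
            continue
        principal = stmt.get("Principal")
        if principal == "*":  # bare wildcard: anyone
            principals.append(("AWS", "*"))
            continue
        for kind, values in (principal or {}).items():
            principals.extend((kind, v) for v in _as_list(values))
    return principals


def audit_backup_role(trust_policy, attached_policy_arns):
    """Return a list of finding strings; an empty list means the role matches the procedure."""
    findings = []
    principals = trusted_principals(trust_policy)
    if ("Service", BACKUP_SERVICE) not in principals:
        findings.append("MISSING_TRUST:" + BACKUP_SERVICE)
    for kind, value in principals:
        if (kind, value) != ("Service", BACKUP_SERVICE):
            findings.append(f"EXTRA_PRINCIPAL:{kind}:{value}")
    attached = set(attached_policy_arns)
    for arn in REQUIRED_POLICIES:
        if arn not in attached:
            findings.append("MISSING_POLICY:" + arn.rsplit("/", 1)[1])
    # Anything beyond the two backup policies widens what the role can do.
    for arn in sorted(attached - set(REQUIRED_POLICIES)):
        findings.append("REVIEW_POLICY:" + arn.rsplit("/", 1)[1])
    return findings


# Constructed sample: the trust policy a role for the AWS Backup service carries.
GOOD_TRUST = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Service": "backup.amazonaws.com"},
        "Action": "sts:AssumeRole",
    }],
}
GOOD_ATTACHED = list(REQUIRED_POLICIES)

# Constructed sample: over-broad trust, one policy missing, one far too wide.
BAD_TRUST = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {
            "Service": ["backup.amazonaws.com", "ec2.amazonaws.com"],
            "AWS": "arn:aws:iam::111122223333:root",
        },
        "Action": ["sts:AssumeRole"],
    }],
}
BAD_ATTACHED = [
    "arn:aws:iam::aws:policy/service-role/AWSBackupServiceRolePolicyForBackup",
    "arn:aws:iam::aws:policy/AdministratorAccess",
]

if __name__ == "__main__":
    print("good role:", audit_backup_role(GOOD_TRUST, GOOD_ATTACHED))
    for finding in audit_backup_role(BAD_TRUST, BAD_ATTACHED):
        print("bad role:", finding)
```
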
Getting started with AWS Backup
This tutorial shows you the generic steps for using AWS Backup features and functionality. As with any part of this technical documentation, you should follow along with the AWS Management Console in another window.
You can also learn how to use AWS Backup with a specific service by reading these tutorials:
• Amazon Relational Database Service (Amazon RDS) Backup and Restore using AWS Backup
• Tutorial: Amazon EBS Backup and Restore using AWS Backup
• Cross-Region and cross-account backups for Amazon FSx using AWS Backup
Topics
• Prerequisites (p. 20)
• Getting started 1: Service Opt-in (p. 21)
• Getting started 2: Create an on-demand backup (p. 21)
• Getting started 3: Create a scheduled backup (p. 23)
• Getting started 4: Create Amazon EFS automatic backups (p. 25)
• Getting started 5: View your backup jobs and recovery points (p. 26)
• Getting started 6: Restore a backup (p. 27)
• Getting started 7: Create an audit report (p. 28)
• Getting started 8: Clean up resources (p. 30)
Prerequisites
Before you begin, ensure that you have the following:
• An AWS account. For more information, see Setting up AWS for the first time (p. 17).
• At least one resource supported by AWS Backup.
• You should be familiar with the AWS services and resources that you are backing up. See the list of supported AWS resources and third-party applications.
When new AWS services become available, enable AWS Backup to use those services.
To configure the AWS services to use with AWS Backup
1. Sign in to the AWS Management Console, and open the AWS Backup console at https://console.aws.amazon.com/backup.
2. In the navigation pane, choose Settings.
3. On the Service opt-in page, choose Configure resources.
4. On the Configure resources page, use the toggle switches to enable or disable the services that are used with AWS Backup. Choose Confirm when your services are configured. Make sure that the AWS service you're opting in is available in your AWS Region. For information about supported Regions, see Service endpoints and quotas in the AWS General Reference.
Note
If you set up automatic backups after enabling Amazon EFS for AWS Backup, your automatic backups will continue even if you opt out or disable Amazon EFS for AWS Backup. For more information, see Getting started 4: Create Amazon EFS automatic backups (p. 25). To disable automatic backups, use the Amazon EFS console or API.
• Make sure that the resources you're backing up are all in the same AWS Region.
To complete this tutorial, you can use your AWS account root user to sign in to the AWS Management Console. However, AWS Identity and Access Management (IAM) recommends that you not use the AWS account root user. Instead, create an administrator in your account and use those credentials to manage resources in your account. For more information, see Setting up AWS for the first time (p. 17).
The AWS Backup console provides different options to back up your resources. You can create a backup on-demand, schedule and configure how you want the resource backed up, or configure resources to back up automatically when the resource is created.
Getting started 1: Service Opt-in
To use AWS Backup to protect some AWS services, you must affirmatively opt in. For example, you must opt in to have AWS Backup manage Amazon EC2 AMIs and Amazon EBS snapshots. Opt-in choices apply to the specific account and AWS Region, so you might have to opt in to multiple Regions using the same account.
As AWS Backup supports more and more AWS services and third-party applications, you might need to revisit this step to opt in to those newly-supported resources.
If you do not opt in, AWS Backup does not govern backups you take in your AWS environment outside of AWS Backup.
To opt in to use AWS Backup to protect all supported resource types
1. Sign in to the AWS Management Console, and open the AWS Backup console at https://console.aws.amazon.com/backup.
2. In the left navigation pane, choose Settings.
3. Under Service opt-in, choose Configure resources.
4. Opt in to all AWS Backup-supported Resources by moving all the toggles to the right.
5. Choose Confirm.
Next steps
To create an on-demand backup using AWS Backup, proceed to Getting started 2: Create an on-demand backup (p. 21).
Getting started 2: Create an on-demand backup
On the AWS Backup console, the Protected resources page lists resources that have been backed up by AWS Backup at least once. If you’re using AWS Backup for the first time, there aren’t any resources, such as Amazon EBS volumes or Amazon RDS databases, listed on this page. This is true even if that resource was assigned to a backup plan if that backup plan has not run a scheduled backup job at least once.
In this first step, you create an on-demand backup of one of your resources. You will then see this resource listed on the Protected resources page.
To create an on-demand backup
1. Sign in to the AWS Management Console, and open the AWS Backup console at https://console.aws.amazon.com/backup.
2. Using the navigation pane, choose Protected resources, and then Create on-demand backup.
3. On the Create on-demand backup page, choose the resource type that you want to back up; for example, choose DynamoDB for Amazon DynamoDB tables.
4. Choose the name or ID of the resource that you want to protect. Make sure that the resource you chose is the one you want.
Note
For Amazon FSx for Lustre, only persistent deployment type is supported.
5. Ensure that Create backup now is selected. This initiates a backup immediately and enables you to see your saved resource sooner on the Protected resources page.
6. Specify a transition to cold storage value (if appropriate) and an expire value.
Note
• To see the list of resources that you can transition to cold storage, see the "Lifecycle to cold storage" section of the Feature availability by resource (p. 2) table. All other resource types are saved to warm storage, and ignore the transition to cold storage expression. The Expire value is valid for all resource types.
• When backups expire and are marked for deletion as part of your lifecycle policy, AWS Backup deletes the backups at a randomly chosen point over the following 8 hours. This window helps ensure consistent performance.
7. Choose an existing backup vault. Choosing Create new backup vault opens a new page to create a vault and then returns you to the Create on-demand backup page when you are finished.
8. Under IAM role, choose Default role.
Note
If the AWS Backup default role is not present in your account, a role is created for you with the correct permissions.
9. If you want to assign one or more tags to your on-demand backup, enter a key and optional value, and choose Add tag.
Note
• For Amazon EC2 resources, AWS Backup automatically copies existing group and individual resource tags, in addition to any tags that you add to this backup. For more information, see Copying tags onto backups (p. 84).
• When creating a tag-based backup plan, if you choose a role other than Default role, make sure that it has the necessary permissions to back up all tagged resources. AWS Backup tries to process all resources with the selected tags. If it encounters a resource that it doesn't have permission to access, the backup plan fails.
10. Choose Create on-demand backup. This takes you to the Jobs page, where you will see a list of jobs.
11. If your resource type is EC2, the Advanced backup settings section will appear. Choose Windows VSS if your EC2 instance is running Microsoft Windows. This enables you to take application-consistent Windows VSS backups.
Note
AWS Backup currently supports application-consistent backups of resources running on Amazon EC2 only. Not all instance types or applications are supported for Windows VSS backups. For more information, see Creating Windows VSS backups (p. 83).
12. Choose the Backup job ID for the resource that you chose to back up to see the details of that job.
Next steps
To automate your backup activity, proceed to Getting started 3: Create a scheduled backup (p. 23).
Getting started 3: Create a scheduled backup
In this step of the AWS Backup tutorial, you create a backup plan, assign resources to it, and then create a backup vault.
Before you begin, ensure that you have the required prerequisites. For more information, see Getting started with AWS Backup (p. 20).
Topics
• Step 1: Create a backup plan based on an existing one (p. 23)
• Step 2: Assign resources to a backup plan (p. 24)
• Step 3: Create a backup vault (p. 24)
• Next steps (p. 25)
Step 1: Create a backup plan based on an existing one
A backup plan is a policy expression that defines when and how you want to back up your AWS resources, such as Amazon DynamoDB tables or Amazon Elastic File System (Amazon EFS) file systems.
You assign resources to backup plans, and AWS Backup then automatically backs up and retains backups for those resources according to the backup plan. For more information, see Managing backups using backup plans (p. 32).
There are two ways to create a new backup plan: You can build one from scratch or build one based on an existing backup plan. This example uses the AWS Backup console to create a backup plan by modifying an existing backup plan.
To create a backup plan from an existing one
1. Sign in to the AWS Management Console, and open the AWS Backup console at https://console.aws.amazon.com/backup.
2. From the dashboard, choose Manage Backup plans. Or, using the navigation pane, choose Backup plans and choose Create Backup plan.
3. Choose Start with template, choose a plan from the list (for example, Daily-Monthly-1yr-Retention), and enter a name in the Backup plan name box.
Note
If you try to create a backup plan that is identical to an existing plan, you get an AlreadyExistsException error.
4. On the plan summary page, choose the backup rule you want and then choose Edit.
5. Review and choose the values that you want for your rule. For example, you can extend the retention period of the backup in the Monthly rule to three years instead of one year. If your plan includes Amazon EFS backups, you can configure lifecycle policies that automatically transition these backups from warm storage to cold storage according to a schedule that you define.
6. For the backup vault, choose Default or choose Create new Backup vault to create a new vault.
7. (Optional) Choose an AWS Region from the list in Destination region to copy the backup to a different Region. To add more Regions, choose Add copy.
8. When you have finished editing the rule, choose Save Backup rule.
On the Summary page, choose Assign resources to prepare for the next section.
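The rule values reviewed in step 5, and the warm-storage guidance given under AWS Backup pricing, can be checked before a plan is deployed. The following is an added example, not part of the AWS guide: a linter over a plan document in the shape of the AWS Backup API's BackupPlan structure. The sample plan, finding codes and function names are constructed; the 90-day cold-storage minimum is an AWS Backup lifecycle constraint that this section does not spell out.

```python
"""Lint AWS Backup plan rules for retention settings that cost money or get rejected.

Added example. Field names follow the BackupPlan structure of the AWS Backup
API (Rules, Lifecycle, CopyActions); the sample plan is constructed.
"""
from collections import namedtuple

Finding = namedtuple("Finding", "rule code detail")

MIN_WARM_DAYS = 7   # guide: warm storage duration of at least one week
MIN_COLD_DAYS = 90  # AWS Backup: 90 days minimum in cold storage before expiry


def check_lifecycle(rule_name, lifecycle, check_warm=True):
    """Check one Lifecycle block; a missing block means 'keep forever in warm storage'."""
    findings = []
    lifecycle = lifecycle or {}
    move = lifecycle.get("MoveToColdStorageAfterDays")
    delete = lifecycle.get("DeleteAfterDays")

    # Time in warm storage ends at the cold transition if there is one,
    # otherwise at expiry. None means the backup never leaves warm storage.
    warm = move if move is not None else delete
    if check_warm and warm is not None and warm < MIN_WARM_DAYS:
        findings.append(Finding(
            rule_name, "WARM_TOO_SHORT",
            f"{warm} day(s) in warm storage; the next backup may find no "
            f"prior backup to increment from and run as a full backup"))

    if move is not None and delete is not None and delete < move + MIN_COLD_DAYS:
        findings.append(Finding(
            rule_name, "COLD_TOO_SHORT",
            f"DeleteAfterDays={delete} must be at least "
            f"{move + MIN_COLD_DAYS} when MoveToColdStorageAfterDays={move}"))
    return findings


def lint_plan(plan):
    """Return findings for every rule and copy action in a backup plan document."""
    findings = []
    for rule in plan.get("Rules", []):
        name = rule.get("RuleName", "<unnamed>")
        findings += check_lifecycle(name, rule.get("Lifecycle"))
        # The guide's warm-storage advice is stated for the backup itself, so
        # copies are checked only against the cold-storage minimum.
        for i, copy in enumerate(rule.get("CopyActions", [])):
            findings += check_lifecycle(
                f"{name}/copy[{i}]", copy.get("Lifecycle"), check_warm=False)
    return findings


# Constructed sample plan: one rule repeats the guide's "daily backup, one-day
# retention" scenario, one violates the cold-storage minimum, the rest are fine.
SAMPLE_PLAN = {
    "BackupPlanName": "example-plan",
    "Rules": [
        {"RuleName": "DailyOneDay", "TargetBackupVaultName": "Default",
         "ScheduleExpression": "cron(0 5 ? * * *)",
         "Lifecycle": {"DeleteAfterDays": 1}},
        {"RuleName": "DailyFiveWeeks", "TargetBackupVaultName": "Default",
         "ScheduleExpression": "cron(0 5 ? * * *)",
         "Lifecycle": {"DeleteAfterDays": 35}},
        {"RuleName": "Monthly", "TargetBackupVaultName": "Default",
         "ScheduleExpression": "cron(0 5 1 * ? *)",
         "Lifecycle": {"MoveToColdStorageAfterDays": 30, "DeleteAfterDays": 90},
         "CopyActions": [{
             "DestinationBackupVaultArn":
                 "arn:aws:backup:us-west-2:111122223333:backup-vault:Default",
             "Lifecycle": {"MoveToColdStorageAfterDays": 30,
                           "DeleteAfterDays": 365}}]},
        {"RuleName": "KeepForever", "TargetBackupVaultName": "Default",
         "ScheduleExpression": "cron(0 5 ? * * *)"},
    ],
}

if __name__ == "__main__":
    for f in lint_plan(SAMPLE_PLAN):
        print(f"{f.rule}: {f.code}: {f.detail}")
```
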
Step 2: Assign resources to a backup plan
After you create a backup plan, you must assign your AWS resources to that backup plan. For more information about assigning resources, see Assigning resources to a backup plan (p. 39).
If you don’t already have existing AWS resources that you want to assign to a backup plan, create some new resources to use for this exercise. Create one or two resources using supported AWS resources and third-party applications.
To assign resources to a backup plan
1. The previous steps should have taken you to the Assign resources page.
2. Type in a Resource assignment name.
3. For IAM role, choose Default role. If you choose another role, it must have permissions to back up all the resources you assign.
4. In the Assign resources section, choose Include all resource types. A resource type is an AWS Backup-supported AWS service or third-party application. This backup plan will now protect all resource types that you have opted in to protect using AWS Backup.
5. Choose Assign resources.
You return to the backup plan > Summary page. Choose Create backup plan to deploy your first backup plan!
Step 3: Create a backup vault
Instead of using the default backup vault that is automatically created for you on the AWS Backup console, you can create specific backup vaults to save and organize groups of backups in the same vault.
For more information about backup vaults, see Working with backup vaults (p. 50).
To create a backup vault
1. On the AWS Backup console, in the navigation pane, choose Backup vaults.
Note
If the navigation pane is not visible on the left side, you can open it by choosing the menu icon in the upper-left corner of the AWS Backup console.
2. Choose Create backup vault.
3. Enter a name for your backup vault. You can name your vault to reflect what you will store in it, or to make it easier to search for the backups you need. For example, you could name it FinancialBackups.
4. Select an AWS Key Management Service (AWS KMS) key. You can use either a key that you already created, or select the default AWS Backup KMS key.