General

Q: What is Amazon Backup?

A: Amazon Backup is a centralized backup service that makes it easy and cost-effective for you to back up your application data across Amazon Web Services in the Amazon Web Services Cloud and on premises, helping you meet your business and regulatory backup compliance requirements. Amazon Backup makes protecting your Amazon Web Services storage volumes, databases, and file systems simple by providing a central place where you can configure and audit the Amazon Web Services resources you want to back up, automate backup scheduling, set retention policies, and monitor all recent backup and restore activity.

Q: How does Amazon Backup work with other Amazon Web Services services that have backup capabilities?

A: Today, several Amazon Web Services services offer backup features that help you protect your data, such as EBS snapshots, RDS snapshots, Aurora snapshots, Amazon FSx backups, DynamoDB backups, and Storage Gateway snapshots. All existing per-service backup capabilities remain unchanged. Amazon Backup provides a new, common way to manage backups across Amazon Web Services services both in the Amazon Cloud and on premises. Amazon Backup introduces a centralized backup console that offers backup scheduling, retention management, and backup monitoring. Amazon Backup supports existing backup functionality provided by EBS, RDS, Amazon FSx, DynamoDB, and Storage Gateway. For Amazon Web Services services that have backup functionality built on Amazon Backup, such as Amazon EFS, Amazon Backup provides you with backup management capabilities, such as backup scheduling, retention management and backup monitoring, as well as additional features, such as lifecycling backups to a low-cost storage tier, backup storage and encryption that is independent from its source data, and backup access policies.

Q: Why should I use Amazon Backup?

A: Backing up your data is an important step towards protecting your application and ensuring that you meet your business and regulatory backup compliance requirements. Even durable resources are susceptible to threats like bugs in your application that could cause accidental deletions or corruption. Building and managing your own backup workflows across all your applications in a compliant and consistent manner can be complex and costly. Amazon Backup removes the need for costly, custom solutions or manual processes by providing a fully managed, policy-based backup solution that provides automated backup scheduling and backup retention management.

Q: How does Amazon Backup work?

A: To get started with Amazon Backup, create a backup policy called a backup plan, which defines parameters such as how frequently to back up your resources and how long to store those backups. You can then assign resources to backup plans and Amazon Backup will start automatically backing up these resources and managing backup retention on your behalf according to your backup plan. You can use Amazon Backup’s central console to view your Amazon Web Services resources that are being protected, restore from a backup, and monitor backup and restore activity.

Q: What are the key features of Amazon Backup?

A: Amazon Backup provides a centralized console, automated backup scheduling, backup retention management, and backup monitoring and alerting. Amazon Backup also offers advanced features such as lifecycling backups to a low-cost storage tier, backup storage and encryption that is independent from its source data, and backup access policies.

Q: What can I backup using Amazon Backup?

A: You can use Amazon Backup to manage the backups of EBS volumes, EC2 instances, RDS databases, DynamoDB tables, EFS file systems, Amazon FSx file systems, and Storage Gateway volumes.

Q: What can I back up using Amazon Backup?

A: You can use Amazon Backup to manage the backups of EBS volumes, RDS databases, DynamoDB tables, EFS file systems, EC2 instances and Storage Gateway volumes.

Q: Can I use Amazon Backup to back up on-premises data?

A: Yes. Amazon Backup integrates with Storage Gateway to enable you to back up your on-premises Storage Gateway volumes, providing a common way to manage the backups of your application data both on premises and in the Amazon Web Services cloud.

Q: Can I use Amazon Backup to access backups created by services with existing backup capabilities?

A: Yes. Backups created using services with existing backup capabilities, such as EBS snapshots or DynamoDB backups, can be accessed using Amazon Backup. Conversely, backups created by Amazon Backup can be accessed using the source service, like EBS or DynamoDB.

Q: How does Amazon Backup relate to Amazon Data Lifecycle Manager and when should I use one over the other?

A: Amazon Data Lifecycle Management (DLM) policies and backup plans created in Amazon Backup work independently from each other and provide two ways to manage EBS snapshots. DLM provides a simple way to manage the lifecycle of EBS resources, such as volume snapshots. You should use DLM when you want to automate the creation, retention, and deletion of EBS snapshots. You should use Amazon Backup to manage and monitor backups across the Amazon Web Services services you use, including EBS volumes, from a single place.

Core Concepts

Q: What is a recovery point?

A: A recovery point represents the content of a resource at a specified time. Recovery points also include metadata such as information about the resource, restore parameters, and tags.

Q: What is a Backup Plan?

A: A backup plan is a policy expression that defines when and how you want to back up your Amazon Web Services resources, such as DynamoDB tables or EFS file systems. You assign resources to backup plans and Amazon Backup will then automatically backup and retain backups for those resources according to the backup plan. Backup plans are composed of one or more backup rules. Each backup rule is composed of 1) a backup schedule, which includes the backup frequency (Recovery Point Objective - RPO) and backup window, 2) a lifecycle rule that specifies when to transition a backup from one storage tier to another and when to expire the recovery point, 3) the Backup Vault in which to place the created recovery points in, and 4) the tags to be added to backups upon creation. For example, a backup plan might have a “daily backup rule” and a “monthly backup rule”. The daily rule backs up resources every day at midnight and retains the backups for one month. The monthly rule takes a backup once a month on the beginning of every month and retains the backups for one year.

Q: What is a Backup Vault?

A: A Backup Vault is a logical backup container for your recovery points that allows you to organize your backups.

Q: How does Amazon Backup’s lifecycle feature work?

A: For Amazon Web Services services that introduce backup functionality built on Amazon Backup, such as Amazon EFS, Amazon Backup provides a lifecycle feature that allows you to automatically transition your recovery points from a warm storage tier backed by Amazon S3 that provides millisecond access time to your backups to a lower-cost cold storage tier backed by Glacier that provides a restore time of 3-5 hours.

Q: How does encryption work in Amazon Backup?

A: Backups from Amazon Web Services services that introduce backup functionality built on Amazon Backup, such as Amazon EFS, are encrypted in-transit and at-rest independently from the source services, giving your backups an additional layer of protection. Encryption is configured at the Backup Vault level. Backups from services with existing backup capabilities are encrypted using the source service’s backup encryption methodology. For example, EBS snapshots are encrypted using the encryption key of the volume the snapshot was created from.

Q: How do I use access policies in a Backup Vault to control access to backups?

A: Amazon Backup allows you to set resource-based policies on Backup Vaults, enabling you to control access to the Backup Vault and the backups in it.

Q: What services provide support for Amazon Backup’s advanced features?

A: Amazon EFS supports Amazon Backup’s advanced features with backup functionality integrated with Amazon Backup.

Write-Once-Read-Many (WORM)

Q: What is Amazon Backup Vault Lock?

A: Amazon Backup Vault Lock is a feature that enables you to prevent changes to backup lifecycle as well as prevent manual deletion of backups, helping you meet your compliance requirements. Amazon Backup Vault Lock implements safeguards that ensure you are storing your backups using a Write-Once-Read-Many (WORM) model.

Q: Why should I use Amazon Backup Vault Lock?

A: You should use Amazon Backup Vault Lock to ensure that no user, including administrators or perpetrators of malicious actions, can delete your backups or change their lifecycle settings such as retention periods and transition to cold storage. Amazon Backup keeps these backups according to your scheduled retention periods, helping you meet your business continuity goals. In addition, Amazon Backup Vault Lock works seamlessly with backup policies such as retention periods, cold storage transitioning, cross-account, and cross-Region copy, providing you an additional layer of protection and helping you meet your compliance requirements. Amazon Backup Vault Lock protects you from keeping backups that don’t meet your acceptable minimum and maximum retention periods.

Q: How does Amazon Backup Vault Lock differ from Amazon S3 Glacier Vault Lock?

A: While Amazon Backup Vault Lock applies to data residing in your Amazon Backup backup vault, Amazon S3 Glacier Vault Lock applies to an individual Amazon S3 Glacier Vault. Amazon Backup Vault Lock prevents manual deletion of backups and changes to backup lifecycle settings to help you centrally protect backups across Amazon Web Services services. Amazon S3 Glacier Vault Lock enables you to enforce compliance controls that are designed to support long-term records retention for individual Amazon S3 Glacier vaults.

Q: How does Amazon Backup Vault Lock work?

A: Amazon Backup Vault Lock is an optional configuration at the Amazon Backup vault level and comprises three properties: minimum acceptable retention days, maximum acceptable retention days, and a cooling-off period. It blocks backup deletion operations and changes to their lifecycle.

If you enable the Amazon Backup Vault Lock configuration, then Amazon Backup will protect all newly created recovery points in the vault against deletion and change to their lifecycle. Amazon Backup will also fail all backup jobs, with retention periods not meeting the Amazon Backup Vault Lock acceptable retention periods.

Amazon Backup Vault Lock ensures that your backups are available until they reach their retention periods and expire. If any user, including the root account user, attempts to delete a backup or update its lifecycle properties in a locked vault, Amazon Backup denies the operation.

The cooling-off period allows you to test the feature for a number of days you define. You can update and remove the Amazon Backup Vault Lock configuration as long as the cooling-off period has not expired. Once the cooling-off period expires, Amazon Backup will not allow any change to the configuration. 

Standard Product Icons (Features) Squid Ink
Learn more about pricing

There are no upfront costs to use Amazon Backup, and you pay only for the resources you use.

Learn more 
Sign up for a free account
Sign up for a free account

Instantly get access to the Amazon Web Services Free Tier. 

Sign up 
Standard Product Icons (Start Building) Squid Ink
Start building in the console

Get started building with Amazon Backup in the Amazon Web Services Console.

Sign in