AWS Backup - A Saviour in bad times


You truly value something only when you lose it. When all your EC2 servers are running smoothly, you might not prioritize backups, but when some critical data is lost you understand their importance. Backups come at a cost, so how do you choose only the critical servers to be backed up regularly? And how do you ensure your backups cannot be deleted?

Backup Plans

AWS Backup is a fully managed service that automatically backs up your AWS resources such as EC2, S3 and RDS. The backups of your resources are stored in containers called vaults.

One of my colleagues recently bought life-term insurance, and he told us how his family’s future is safe even without him. Using AWS Backup, you ensure that you have a copy of your data, so even after an accidental deletion or any kind of attack, you don’t need to worry about your data.

Cost Impact?

  • The cost is on the resources being backed up, and not on the vaults where these backups are stored.

There are 2 types of backup vaults:

  1. Backup standard vault

    The primary vault type, where vault lock is optional and encryption can use a KMS key managed either by the customer or by AWS.

  2. Logically air-gapped vault

    Vault lock is mandatory and is in compliance mode. Only an AWS owned KMS key is allowed, which means the key stays in an AWS managed account, not the customer’s, and you don’t need to worry about cross-account access policies. An additional feature of this vault is that resources can be restored quickly using AWS RAM (Resource Access Manager).

Compliance mode? 🔒

No one can delete your backup, not even AWS, and you can’t even change the retention period settings. Compliance mode is enabled by default in a logically air-gapped vault. In a standard vault, you can enable it as well, with a grace period. Let’s say you select 7 days: after 7 days, all resources in the standard vault will be locked.

Create a Backup Plan

Let’s say you need a daily backup of your critical EC2 servers. You can create a backup plan, and you just need to decide these things:

  1. Tag your servers

    How can AWS Backup identify your servers? Give the instances a tag, e.g. key - dailyBackup, value - true, and mention it in your backup plan.

  2. Backup frequency

    When should this backup happen? The interval can be hourly, daily, weekly or monthly. Set a time when the backup job should start, ideally when you expect low traffic on your server.

  3. Backup window

    Within how much time should this backup start and complete?

  4. Retention

    How many copies do you want to keep?

  5. Move to cold storage

    Want to save cost? Move your backups to cold storage after a period, and define when they should be deleted from there as well.
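
The five choices above map onto the two request documents that boto3's Backup client takes in `create_backup_plan` and `create_backup_selection`. The sketch below is an added example, not code from the original post: the plan name, rule name, schedule, window lengths, vault name and role ARN are assumed values, and the builder rejects a lifecycle that breaks AWS Backup's rule that a backup moved to cold storage stays there at least 90 days.

```python
TAG_KEY, TAG_VALUE = "dailyBackup", "true"  # step 1: the tag used in this article


def build_plan(vault, cold_after_days=None, delete_after_days=35):
    """Return the BackupPlan document for create_backup_plan()."""
    lifecycle = {"DeleteAfterDays": delete_after_days}  # step 4: retention
    if cold_after_days is not None:  # step 5: cold storage
        # AWS Backup keeps a backup in cold storage for a minimum of 90 days.
        if delete_after_days < cold_after_days + 90:
            raise ValueError("DeleteAfterDays must be >= MoveToColdStorageAfterDays + 90")
        lifecycle["MoveToColdStorageAfterDays"] = cold_after_days
    return {
        "BackupPlanName": "daily-critical-ec2",  # assumed name
        "Rules": [{
            "RuleName": "daily-0200-utc",  # assumed name
            "TargetBackupVaultName": vault,
            "ScheduleExpression": "cron(0 2 * * ? *)",  # step 2: daily at 02:00 UTC
            "StartWindowMinutes": 60,  # step 3: job must start within 1 hour
            "CompletionWindowMinutes": 240,  # step 3: cancelled if not done in 4 hours
            "Lifecycle": lifecycle,
        }],
    }


def build_selection(role_arn):
    """Return the BackupSelection document: every resource tagged dailyBackup=true."""
    return {
        "SelectionName": "tagged-dailyBackup",  # assumed name
        "IamRoleArn": role_arn,
        "ListOfTags": [{"ConditionType": "STRINGEQUALS",
                        "ConditionKey": TAG_KEY, "ConditionValue": TAG_VALUE}],
    }


def apply(plan, selection):
    """Create the plan and attach the selection (needs boto3 and AWS credentials)."""
    import boto3
    backup = boto3.client("backup")
    plan_id = backup.create_backup_plan(BackupPlan=plan)["BackupPlanId"]
    backup.create_backup_selection(BackupPlanId=plan_id, BackupSelection=selection)
    return plan_id


if __name__ == "__main__":
    # Constructed sample values: the vault name and role ARN are placeholders.
    plan = build_plan("critical-vault", cold_after_days=30, delete_after_days=120)
    selection = build_selection("arn:aws:iam::111122223333:role/ExampleBackupRole")
    print(plan, selection, sep="\n")
```

Running the file only prints the two documents; `apply()` is the part that calls AWS.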

Sharing your Backups cross-account

If you want to share your backups with other AWS accounts, a logically air-gapped vault makes it easy, since you can use RAM (Resource Access Manager). If you are using a standard vault, then you need to share it with another standard vault cross-account.

J

Hey Stalin, I’ve been following your posts. I’m currently learning DevOps and really admire how clearly you explain complex stuff.

I’m trying to get better at DevOps and I’d love any advice or guidance you could share on how to approach it or what projects to start with.

Totally understand if you’re busy, but even a quick tip or direction would mean a lot. Thanks!