Review: AWS Backup - A centralized place for managing backups?

Michael WittigUpdated 24 Oct 2019

AWS Backup aims to become a centralized place for managing backups. If possible, AWS Backup uses existing features to create backups (e.g., RDS snapshots). Sometimes, AWS Backup is the only way to create a backup (e.g., EFS file systems).

Review

Do you prefer listening to a podcast episode over reading a blog post? Here you go!

Backups (sometimes also referred to as recovery points) are stored in vaults. It is possible to protect a vault with an optional resource-based policy, e.g., to prevent anyone from deleting backups. The backup plan defines when backups are made and for how long the backups are stored. To be more precise, you only define when a backup job should start. After that, a job tries to start within a configurable period. You can also configure a timeout for the job. Finally, you assign resources to backup plans based on tags or direct assignments. After a disaster, you restore a backup by creating a restore job.

Supported data sources

AWS Backup backs up and restores the following data sources:

  • DynamoDB tables
  • EFS file systems (supports cold storage to save cost12)
  • EBS volumes
  • RDS databases (except Amazon Aurora)
  • Storage Gateway

The following data sources are not supported yet:

  • S3 buckets
  • EC2 instances
  • Elastisearch domains
  • Redshift clusters
  • EMR clusters
  • Cognito user pools
  • DocumentDB clusters
  • ElastiCache clusters
  • Neptune clusters
  • CloudDirectory directories

Keep in mind that restores are more complicated than a single click if you manage your infrastructure with CloudFormation. You should still practice restoring your data regularly.

Backup Consistency

If you create a backup, you might expect that all data up to a point in time where the backup was triggered appears in the backup. The following table shows what you can expect in reality.

Data Source Backup consistency guarantees
DynamoDB 1 / ✅ PITR13
EFS 2
EBS ⚠️ Crash consistent3
RDS ✅ Application consistent4
Storage Gateway ✅ Application consistent5

Notifications

AWS Backup can deliver notifications to SNS. My first impression was that the service does not publish failures to SNS6. Failures can happen for many reasons:

  1. The backup can not start within the defined time span StartWindowMinutes
  2. The backup cannot complete within the specified period CompletionWindowMinutes
  3. Some other error occurs (e.g., the RDS API throws an error)

The Reddit user greyskymorning figured out that failures are published as an BACKUP_JOB_COMPLETED event.

Service Maturity Table

The following overview shows the maturity of the service.

Criteria Support Score
Feature Completeness ⚠️ 4
Tags (Grouping + Billing) 10
CloudFormation + Terraform support 10
Emits CloudWatch Events 7 0
IAM granularity ⚠️8 8
Integrated with AWS Config 9 0
Auditing via AWS CloudTrail 10 10
Available in all commercial regions ⚠️11 8
Total Maturity Score (0-10) ⚠️ 6.3

Summary

Our maturity score for AWS Backup is 6.3 on a scale from 0 to 10. Therefore, I recommend to evaluate and use AWS Backup with some restrictions listed below.

  • AWS Backup is not yet the universal tool that creates backups of everything in a magic way.
  • AWS Backup works fine for the supported services: DynamoDB, EFS, EBS, RDS, and Storage Gateway.
  • There is no satisfactory alternative for backing up EFS besides AWS Backup.
  • Keep in mind the provided consistency guarantees. You don’t know the exact time the backup job runs.
  • I don’t think that AWS Backup is made for setups managed entirely with CloudFormation/Terraform. E.g., there is no way to create an EFS file system from a backup in CloudFormation.
  • Only EFS backups support cold storage to save costs.

In summary, I like the idea that AWS Backup will be the single point where we configure and monitor the backups for all data stores. I will follow the announcements from AWS carefully.

We have added AWS Backup to our CloudFormation templates: aws-cf-templates and cfn-modules.


Looking for a comprehensive introduction to computing, storing, and networking in the AWS cloud? Get a copy of our book Amazon Web Services in Action!


  1. 1. https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/backuprestore_HowItWorks.html
  2. 2. https://docs.aws.amazon.com/efs/latest/ug/awsbackup.html#backup-consistency
  3. 3. https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-creating-snapshot.html
  4. 4. For MySQL and MariaDB, only when InnoDB is used https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithAutomatedBackups.html#Overview.BackupDeviceRestrictions
  5. 5. https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_ListVolumeRecoveryPoints.html
  6. 6. https://docs.aws.amazon.com/aws-backup/latest/devguide/sns-notifications.html
  7. 7. https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/EventTypes.html
  8. 8. https://docs.aws.amazon.com/IAM/latest/UserGuide/list_awsbackup.html
  9. 9. https://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html
  10. 10. https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-aws-service-specific-topics.html
  11. 11. https://aws.amazon.com/about-aws/global-infrastructure/regional-product-services/
  12. 12. https://aws.amazon.com/backup/pricing/
  13. 13. Chttps://docs.aws.amazon.com/amazondynamodb/latest/developerguide/PointInTimeRecovery_Howitworks.html

Michael Wittig

Michael Wittig

I’ve been building on AWS since 2012 together with my brother Andreas. We are sharing our insights into all things AWS on cloudonaut and have written the book AWS in Action. Besides that, we’re currently working on bucketAV, HyperEnv for GitHub Actions, and marbot.

Here are the contact options for feedback and questions.