Review: AWS Backup - A centralized place for managing backups?
You can also listen to this topic in our podcast!
AWS Backup aims to become a centralized place for managing backups. If possible, AWS Backup uses existing features to create backups (e.g., RDS snapshots). Sometimes, AWS Backup is the only way to create a backup (e.g., EFS file systems).
Backups (sometimes also referred to as recovery points) are stored in vaults. It is possible to protect a vault with an optional resource-based policy, e.g., to prevent anyone from deleting backups. The backup plan defines when backups are made and for how long the backups are stored. To be more precise, you only define when a backup job should start. After that, a job tries to start within a configurable period. You can also configure a timeout for the job. Finally, you assign resources to backup plans based on tags or direct assignments. After a disaster, you restore a backup by creating a restore job.
AWS Backup backs up and restores the following data sources:
- DynamoDB tables
- EFS file systems (supports cold storage to save cost12)
- EBS volumes
- RDS databases (except Amazon Aurora)
- Storage Gateway
The following data sources are not supported yet:
- S3 buckets
- EC2 instances
- Elastisearch domains
- Redshift clusters
- EMR clusters
- Cognito user pools
- DocumentDB clusters
- ElastiCache clusters
- Neptune clusters
- CloudDirectory directories
Keep in mind that restores are more complicated than a single click if you manage your infrastructure with CloudFormation. You should still practice restoring your data regularly.
If you create a backup, you might expect that all data up to a point in time where the backup was triggered appears in the backup. The following table shows what you can expect in reality.
|Data Source||Backup consistency guarantees|
|DynamoDB||❌ 1 / ✅ PITR13|
|EBS||⚠️ Crash consistent3|
|RDS||✅ Application consistent4|
|Storage Gateway||✅ Application consistent5|
AWS Backup can deliver notifications to SNS. My first impression was that the service does not publish failures to SNS6. Failures can happen for many reasons:
- The backup can not start within the defined time span
- The backup cannot complete within the specified period
- Some other error occurs (e.g., the RDS API throws an error)
The Reddit user greyskymorning
figured out that failures are published as an
The following overview shows the maturity of the service.
|Tags (Grouping + Billing)||✅||10|
|CloudFormation + Terraform support||✅||10|
|Emits CloudWatch Events||❌7||0|
|Integrated with AWS Config||❌9||0|
|Auditing via AWS CloudTrail||✅10||10|
|Available in all commercial regions||⚠️11||8|
|Total Maturity Score (0-10)||⚠️||6.3|
Our maturity score for AWS Backup is 6.3 on a scale from 0 to 10. Therefore, I recommend to evaluate and use AWS Backup with some restrictions listed below.
- AWS Backup is not yet the universal tool that creates backups of everything in a magic way.
- AWS Backup works fine for the supported services: DynamoDB, EFS, EBS, RDS, and Storage Gateway.
- There is no satisfactory alternative for backing up EFS besides AWS Backup.
- Keep in mind the provided consistency guarantees. You don’t know the exact time the backup job runs.
- I don’t think that AWS Backup is made for setups managed entirely with CloudFormation/Terraform. E.g., there is no way to create an EFS file system from a backup in CloudFormation.
- Only EFS backups support cold storage to save costs.
In summary, I like the idea that AWS Backup will be the single point where we configure and monitor the backups for all data stores. I will follow the announcements from AWS carefully.
Looking for a comprehensive introduction to computing, storing, and networking in the AWS cloud? Get a copy of our book Amazon Web Services in Action!
- 1. https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/backuprestore_HowItWorks.html ↩
- 2. https://docs.aws.amazon.com/efs/latest/ug/awsbackup.html#backup-consistency ↩
- 3. https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-creating-snapshot.html ↩
- 4. For MySQL and MariaDB, only when InnoDB is used https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithAutomatedBackups.html#Overview.BackupDeviceRestrictions ↩
- 5. https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_ListVolumeRecoveryPoints.html ↩
- 6. https://docs.aws.amazon.com/aws-backup/latest/devguide/sns-notifications.html ↩
- 7. https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/EventTypes.html ↩
- 8. https://docs.aws.amazon.com/IAM/latest/UserGuide/list_awsbackup.html ↩
- 9. https://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html ↩
- 10. https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-aws-service-specific-topics.html ↩
- 11. https://aws.amazon.com/about-aws/global-infrastructure/regional-product-services/ ↩
- 12. https://aws.amazon.com/backup/pricing/ ↩
- 13. Chttps://docs.aws.amazon.com/amazondynamodb/latest/developerguide/PointInTimeRecovery_Howitworks.html ↩