Last updated on June 23, 2023
AWS Backup Cheat Sheet
- A service that enables you to centralize and automate data protection across AWS services and hybrid workloads.
Concepts
- Backup plan
  - A policy expression that determines when and how you want your AWS resources backed up.
  - Stores periodic backups incrementally.
  - A backup plan can be created using the AWS Backup console, API, CLI, SDK, or an AWS CloudFormation template.
  - Backup plans can be assigned the following:
    - Resource type – every instance or resource.
    - Resource – a single instance of a resource type.
  - Supports multiple backup plans for workloads with different backup requirements.
  - To delete a backup plan, you must first delete all resources associated with it.
  - When you change the retention period in a backup rule, the retention period of backups created before the update remains unchanged.
- Backup vault
  - A container to store and organize your backups.
  - You can create multiple backup vaults if you need different encryption keys or access policies for different groups of backups.
  - To encrypt the backups placed in the vault, you will need to use an AWS KMS encryption key.
  - AWS Backup Vault Lock allows you to enforce retention periods and prevent early deletions.
  - You cannot delete the following backup vaults:
    - AWS Backup default backup vault.
    - Amazon EFS automatic backup vault.
- Backup
  - A backup, or recovery point, is the content of a resource at a specific time.
  - Recovery points are stored in backup vaults.
  - A backup can be restored using the AWS Backup console or API.
  - Backups can be created:
    - Automatically with backup plans.
    - Manually by initiating an on-demand backup.
  - You can create backup copies across:
    - AWS Regions
    - AWS accounts
  - You can configure lifecycle policies and add tags to a backup.
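The check below is an added example, not part of the original cheat sheet and not AWS code: it compares each backup rule's retention with the Vault Lock bounds of the vault the rule writes to, and flags rules that target a vault with no lock. The vault and rule dictionaries are constructed sample data using field names from the DescribeBackupVault and GetBackupPlan responses; the function name audit_rules and the finding codes are hypothetical.

```python
# Constructed sample data; field names follow the DescribeBackupVault
# response and the rules of a GetBackupPlan response.
VAULTS = {
    "prod-vault": {"Locked": True, "MinRetentionDays": 30, "MaxRetentionDays": 365},
    "dev-vault": {"Locked": False},
}
RULES = [
    {"RuleName": "daily", "TargetBackupVaultName": "prod-vault",
     "Lifecycle": {"DeleteAfterDays": 35}},
    {"RuleName": "hourly", "TargetBackupVaultName": "prod-vault",
     "Lifecycle": {"DeleteAfterDays": 7}},
    # No DeleteAfterDays: the recovery point never expires.
    {"RuleName": "archive", "TargetBackupVaultName": "prod-vault", "Lifecycle": {}},
    {"RuleName": "dev-daily", "TargetBackupVaultName": "dev-vault",
     "Lifecycle": {"DeleteAfterDays": 14}},
]


def audit_rules(vaults, rules):
    """Return (rule name, finding code) pairs; the codes are hypothetical labels."""
    findings = []
    for rule in rules:
        vault = vaults.get(rule["TargetBackupVaultName"])
        if vault is None:
            findings.append((rule["RuleName"], "VAULT_UNKNOWN"))
            continue
        if not vault.get("Locked"):
            # Without Vault Lock the vault does not enforce retention bounds.
            findings.append((rule["RuleName"], "VAULT_NOT_LOCKED"))
            continue
        days = rule.get("Lifecycle", {}).get("DeleteAfterDays")
        low, high = vault.get("MinRetentionDays"), vault.get("MaxRetentionDays")
        if low is not None and days is not None and days < low:
            findings.append((rule["RuleName"], "BELOW_MIN"))
        # Assumption: unlimited retention counts as exceeding any maximum.
        if high is not None and (days is None or days > high):
            findings.append((rule["RuleName"], "ABOVE_MAX"))
    return findings


if __name__ == "__main__":
    for name, code in audit_rules(VAULTS, RULES):
        print(f"{name}: {code}")
```

Run against real output, the same function takes the vault descriptions keyed by BackupVaultName and the Rules list of each backup plan.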
AWS Backup Audit Manager
- Audit Frameworks
  - A framework is a set of controls that allows you to assess your backup practices.
  - Find backup activity and resources that aren’t yet in compliance with the controls you’ve set up.
  - Each framework applies to a single account, and you can have a maximum of 10 frameworks per AWS Region.
  - Frameworks are classified into two types:
    - AWS Backup framework
    - Custom framework
- Audit Reports
  - Automatically generate an audit trail of daily and on-demand reports.
  - You must create a report plan from a report template to create daily or on-demand reports.
    - Backup report templates
    - Compliance report templates
  - Reports can only be in the same Region and account as the S3 bucket.
  - Each AWS account can only have a maximum of 20 report plans.
AWS Backup Monitoring
- AWS Organizations to manage and monitor backup, restore, and copy jobs across multiple AWS accounts.
- Amazon EventBridge to view and monitor AWS Backup events.
- Amazon CloudWatch to track metrics, create alarms, and view dashboards.
- AWS CloudTrail to monitor AWS Backup API calls.
- Amazon SNS to subscribe to and be notified of AWS Backup events.
AWS Backup Pricing
- You are charged for the following:
  - Amount of backup storage you use.
  - Amount of backup data that has been transferred between AWS Regions.
  - Amount of backup data you restore.
  - Number of backup evaluations.