AWS Backup is a service that enables you to centralize and automate data protection across AWS services and hybrid workloads.
A backup plan is a policy expression that defines when and how you want your AWS resources backed up.
Stores periodic backups incrementally.
A backup plan can be created using the AWS Backup console, API, CLI, SDK, or an AWS CloudFormation template.
Backup plans can be assigned the following:
Resource type – every instance or resource.
Resource – a single instance of a resource type.
Supports multiple backup plans for workloads with different backup requirements.
To delete a backup plan, you must first delete all resources associated with it.
When you change the retention period in a backup rule, the retention period of backups created before the update remains unchanged.
A backup vault is a container to store and organize your backups.
You can create multiple backup vaults if you need different encryption keys or access policies for different groups of backups.
To encrypt the backups placed in the vault, you will need to use an AWS KMS encryption key.
AWS Backup Vault Lock allows you to enforce retention periods and prevent early deletions.
You cannot delete the following backup vaults:
AWS Backup default backup vault.
Amazon EFS automatic backup vault.
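Added example (not part of the original notes and not AWS's own code): a Python check that compares backup plan rules against the Vault Lock retention bounds of the vaults they target and flags vaults without a lock. The vault and rule records are constructed samples that use field names from the AWS Backup API; the audit function name is an assumption.

```python
# Constructed sample records shaped like AWS Backup API responses
# (vault entries from ListBackupVaults, rules from a backup plan).
VAULTS = [
    {"BackupVaultName": "prod-vault", "Locked": True,
     "MinRetentionDays": 30, "MaxRetentionDays": 365},
    {"BackupVaultName": "archive-vault", "Locked": True},
    {"BackupVaultName": "dev-vault", "Locked": False},
]
RULES = [
    {"RuleName": "daily", "TargetBackupVaultName": "prod-vault",
     "Lifecycle": {"DeleteAfterDays": 35}},
    {"RuleName": "short", "TargetBackupVaultName": "prod-vault",
     "Lifecycle": {"DeleteAfterDays": 7}},
    {"RuleName": "dev-daily", "TargetBackupVaultName": "dev-vault",
     "Lifecycle": {"DeleteAfterDays": 14}},
    {"RuleName": "orphan", "TargetBackupVaultName": "missing-vault",
     "Lifecycle": {"DeleteAfterDays": 90}},
]


def audit(vaults, rules):
    """Return sorted (subject, finding) tuples for vaults and plan rules."""
    findings = []
    by_name = {v["BackupVaultName"]: v for v in vaults}
    for v in vaults:
        name = v["BackupVaultName"]
        if not v.get("Locked", False):
            findings.append((name, "vault lock not enabled"))
        elif v.get("MinRetentionDays") is None:
            # A lock without a minimum does not enforce a retention floor.
            findings.append((name, "locked but no minimum retention set"))
    for r in rules:
        vault = by_name.get(r["TargetBackupVaultName"])
        if vault is None:
            findings.append((r["RuleName"], "targets unknown vault"))
            continue
        days = r.get("Lifecycle", {}).get("DeleteAfterDays")
        lo, hi = vault.get("MinRetentionDays"), vault.get("MaxRetentionDays")
        if days is None:
            continue  # no expiry configured on this rule; not checked here
        if lo is not None and days < lo:
            findings.append((r["RuleName"], f"retention {days}d below vault minimum {lo}d"))
        elif hi is not None and days > hi:
            findings.append((r["RuleName"], f"retention {days}d above vault maximum {hi}d"))
    return sorted(findings)


if __name__ == "__main__":
    for subject, finding in audit(VAULTS, RULES):
        print(f"{subject}: {finding}")
```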
A backup, or recovery point, is the content of a resource at a specific time.
Recovery points are stored in backup vaults.
A backup can be restored using the AWS Backup console or API.
Backups can be created:
Automatically with backup plans.
Manually by initiating an on-demand backup.
You can create backup copies across:
You can configure lifecycle policies and add tags to a backup.
AWS Backup Audit Manager
A framework is a set of controls that allows you to assess your backup practices.
Find backup activity and resources that aren’t yet in compliance with the controls you’ve set up.
Each framework applies to a single account, with a maximum of 10 frameworks per AWS Region.
Frameworks are classified into two types:
AWS Backup framework
Automatically generate an audit trail of daily and on-demand reports.
You must first create a report plan from a report template in order to create daily or on-demand reports.
Backup report templates
Compliance report templates
Reports can only be in the same region and account as the S3 bucket.
Each AWS account can only have a maximum of 20 report plans.
AWS Organizations to manage and monitor backup, restore, and copy jobs across multiple AWS accounts.
Amazon EventBridge to view and monitor AWS Backup events.
AWS CloudWatch to track metrics, create alarms, and view dashboards.
AWS CloudTrail to monitor AWS Backup API calls.
Amazon SNS to subscribe and notify you of AWS Backup events.
You are charged for the following:
Amount of backup storage you use.
Amount of backup data that has been transferred between AWS Regions.
Amount of backup data you restore.
Number of backup evaluations.