Centralized backup management
AWS Backup provides a centralized backup console, a set of backup APIs, and a command line interface to manage backups across the AWS services that your applications run on, including Amazon EBS, Amazon FSx, Amazon EC2, Amazon RDS, Amazon DynamoDB, Amazon EFS, and AWS Storage Gateway. With AWS Backup, you can centrally manage backup policies that meet your backup requirements and apply them to your AWS resources across AWS services, enabling you to back up your application data in a consistent and compliant manner. AWS Backup’s centralized backup console offers a consolidated view of your backups and backup activity logs, making it easier to audit your backups and ensure compliance.
Policy-based backup solution
With AWS Backup, you can create backup policies called backup plans that enable you to define your backup requirements and then apply them to the AWS resources you want backed up. You can create separate backup plans that meet specific business and regulatory compliance requirements, helping to ensure that each of your AWS resources are backed up and protected. Backup plans make it easy to implement your backup strategy across your organization and across your applications.
Tag-based backup policies
AWS Backup allows you to apply backup plans to your AWS resources by simply tagging them, making it easier to implement your backup strategy across all your applications and ensure that all your AWS resources are backed up and protected. AWS tags are a great way to organize and classify your AWS resources. Integration with AWS tags enables you to quickly apply a backup plan to a group of AWS resources, so that they are backed up in a consistent and compliant manner.
Automated backup scheduling
AWS Backup allows you to create backup schedules that you can customize to meet your business and regulatory backup requirements. You can also choose from predefined backup schedules based on common best practices. AWS Backup will automatically backup your AWS resources according to the policies and schedules you define. A backup schedule includes the backup start time, backup frequency, and backup window.
Automated retention management
With AWS Backup, you can set backup retention policies that will automatically retain and expire backups according to your business and regulatory backup compliance requirements. Automated backup retention management makes it easy to minimize backup storage costs by retaining backups for only as long as they are needed.
Backup activity monitoring
AWS Backup provides a dashboard that makes it simple to monitor backup and restore activity across AWS services. With just a few clicks in the AWS Backup console, you can view the status of recent backup jobs and restore jobs across AWS services to ensure that your AWS resources are properly protected. AWS Backup integrates with AWS CloudTrail, which provides you with a consolidated view of backup activity logs that make it quick and easy to audit what and how your resources are backed up. AWS Backup also integrates with Amazon Simple Notification Service (SNS), which can automatically alert you on backup activity, such as when a backup succeeds or a restore has been initiated.
AWS Backup Audit Manager
AWS Backup Audit Manager allows you to audit and report on the compliance of your data protection policies to help you meet your business and regulatory needs. AWS Backup Audit Manager provides built-in compliance controls and allows you to customize these controls to define your data protection policies (e.g., backup frequency or retention period). It is designed to automatically detect violations of your defined data protection policies and will prompt you to take corrective actions. With AWS Backup Audit Manager, you can continuously evaluate backup activity and generate audit reports that can help you demonstrate compliance with regulatory requirements.
Lifecycle management policies
AWS Backup enables you to meet compliance requirements while minimizing backup storage costs by storing backups in a low-cost cold storage tier. You can configure lifecycle policies that will automatically transition backups from warm storage to cold storage according to a schedule that you define. For more information about lifecycle policies, click here.
AWS Backup efficiently stores your periodic backups incrementally. The first backup of an AWS resource backs up a full copy of your data. For each successive incremental backup, only the changes to your AWS resources are backed up. Incremental backups enable you to benefit from the data protection of frequent backups while minimizing storage costs. Currently, Amazon DynamoDB and Amazon Aurora do not support incremental backups.
Backup data encryption
AWS Backup encrypts your backup data at rest and in transit, providing a comprehensive encryption solution that secures your backup data and helps meet compliance requirements. AWS Backup encrypts your backup data using encryption keys managed by the AWS Key Management Service (KMS), eliminating the need to build and maintain a key management infrastructure. The keys used to encrypt your AWS Backup data are independent of the keys used to encrypt the resources that the backups are based on. Having separate encryption keys for your production and backup data provides an important layer of protection for your applications.
Backup access policies
With AWS Backup, you can set resource-based access policies on backup vaults. A backup vault is a container used for organizing your backups. Resource-based access policies enable you to control access to backups in a backup vault across all users, rather than having to define permissions for each user. This provides a simple and secure way to control access to your backups across AWS services and helps meet your backup compliance requirements.
Amazon EC2 instance backups
AWS Backup automates backup and recovery jobs for Amazon EC2 at the instance levels without the need for custom scripts or third-party solutions. Customers are now able to schedule backup jobs that include whole EC2 instances, limiting the need to interact with the storage (EBS) layer. Additionally, customers will be able to restore entire EC2 instances from a single recovery point, greatly simplifying the recovery process.
Item-level recovery for Amazon EFS
AWS Backup offers a fast and easy way for customers to restore an individual file or directory from the backup of an Amazon EFS file system. With AWS Backup, customers can quickly restore an individual file from a centralized console without having to restore entire file systems, reducing the recovery time from days to hours.
AWS Backup enables customers to copy backups across multiple AWS services to different regions, from a central console, making it easier to meet compliance and disaster recovery needs. With AWS Backup, customers can copy backups either manually, as on-demand copy or automatically as part of a scheduled backup plan to multiple different Regions. Customers can also recover from those backups in the new Region, reducing the risk of downtime and ensuring disaster recovery and business continuity requirements are met.
AWS Backup now supports cross-account backup, enabling AWS customers to securely copy their backups across their AWS accounts within their AWS organizations. With AWS Backup, customers can copy backups either manually, as on-demand copy or automatically as part of a scheduled backup plan to only the trusted destination accounts in the organization. In the event anything happens to a backup and its source account, customers can easily restore from the destination account or, alternatively, to the third account. Cross-account backup feature provides customers an additional layer of protection should the source account experience disruption from accidental or malicious deletion, disasters, or ransomware.