Centralized backup management
AWS Backup provides a centralized backup console, a set of backup APIs, and a command line interface to manage backups across the AWS services your applications run on, including Amazon Simple Storage Service (S3), Amazon Elastic Block Store (EBS), Amazon FSx, Amazon Elastic Compute Cloud (EC2), Amazon Relational Database Service (RDS), Amazon DynamoDB, Amazon Elastic File System (EFS), AWS Storage Gateway, Amazon Neptune, Amazon DocumentDB (with MongoDB compatibility), as well hybrid applications like VMware workloads running on premises and in VMware CloudTM on AWS. As a result, with AWS Backup, you can centrally manage backup policies that meet your backup requirements and apply them to your AWS resources across AWS services and hybrid cloud workloads, allowing you to back up your application data consistently and in accordance with compliance efforts. In addition, the AWS Backup centralized backup console offers a consolidated view of your backups and backup activity logs, making it easier to audit your backups and help ensure compliance.
Policy-based backup solution
With AWS Backup, you can create backup policies called backup plans that enable you to define your backup requirements and then apply them to the AWS resources you want backed up. You can create separate backup plans that meet specific business and regulatory compliance requirements, helping to ensure that each of your AWS resources is backed up and protected. Backup plans make it easy to implement your backup strategy across your organization and across your applications.
Tag-based backup policies
AWS Backup allows you to apply backup plans to your AWS resources by simply tagging them, making it easier to implement your backup strategy across all your applications and ensure that all your AWS resources are backed up and protected. AWS tags are a great way to organize and classify your AWS resources. Integration with AWS tags enables you to quickly apply a backup plan to a group of AWS resources so that they are backed up in a consistent and compliant manner.
Automated backup scheduling
AWS Backup allows you to create backup schedules that you can customize to meet your business and regulatory backup requirements. You can also choose from predefined backup schedules based on common best practices. AWS Backup will automatically back up your AWS resources according to the policies and schedules you define. A backup schedule includes the backup start time, backup frequency, and backup window.
Automated retention management
With AWS Backup, you can set backup retention policies that will automatically retain and expire backups according to your business and regulatory backup compliance requirements. Automated backup retention management makes it easy to minimize backup storage costs by retaining backups for only as long as they are needed.
Backup activity monitoring
AWS Backup provides a dashboard that makes it simple to monitor backup and restore activity across AWS services. With just a few clicks in the AWS Backup console, you can view the status of recent backup jobs and restore jobs across AWS services to ensure that your AWS resources are properly protected. AWS Backup integrates with AWS CloudTrail, which provides you with a consolidated view of backup activity logs that make it quick and easy to audit resources are backed up and how. AWS Backup also integrates with Amazon Simple Notification Service (SNS), which can automatically alert you on backup activity, such as when a backup succeeds or a restore has been initiated.
AWS Backup Audit Manager
AWS Backup Audit Manager allows you to audit and report on the compliance of your data protection policies to help you meet your business and regulatory needs. AWS Backup Audit Manager provides built-in compliance controls and allows you to customize these controls to define your data protection policies (such as backup frequency or retention period). It is designed to automatically detect violations of your defined data protection policies and will prompt you to take corrective actions. With AWS Backup Audit Manager, you can continuously evaluate backup activity and generate audit reports that can help you demonstrate compliance with regulatory requirements.
AWS Backup Vault Lock
AWS Backup Vault Lock allows you to protect your backups from deletion or changes to their lifecycle by inadvertent or malicious changes. You can use the AWS CLI, AWS Backup API, or AWS Backup SDK to apply the AWS Backup Vault Lock protection to an existing vault or a new one. AWS Backup Vault Lock works seamlessly with backup policies such as retention periods, cold storage transitioning, cross-account, and cross-Region copy, providing you an additional layer of protection and helping you meet your compliance requirements. While AWS Backup Vault Lock helps you implement safeguards that ensure you are storing your backups using a Write-Once-Read-Many (WORM) model, the feature has not yet been assessed for compliance with the Securities and Exchange Commission (SEC) rule 17a-4(f) and the Commodity Futures Trading Commission (CFTC) in regulation 17 C.F.R. 1.31(b)-(c).
Lifecycle management policies
AWS Backup enables you to meet compliance requirements while minimizing backup storage costs by storing backups in a low-cost cold storage tier. You can configure lifecycle policies that will automatically transition backups from warm storage to cold storage according to a schedule that you define. For more information about lifecycle policies, click here.
AWS Backup efficiently stores your periodic backups incrementally. The first backup of an AWS resource backs up a full copy of your data. For each successive incremental backup, only the changes to your AWS resources are backed up. Incremental backups enable you to benefit from the data protection of frequent backups while minimizing storage costs. Currently, Amazon DynamoDB, Amazon Aurora, Amazon DocumentDB (with MongoDB compatibility), and Amazon Neptune do not support incremental backups.
Backup data encryption
AWS Backup encrypts your backup data at rest and in transit, providing a comprehensive encryption solution that secures your backup data and helps meet compliance requirements. AWS Backup encrypts your backup data using encryption keys managed by the AWS Key Management Service (KMS), eliminating the need to build and maintain a key management infrastructure. The keys used to encrypt your AWS Backup data are independent of the keys used to encrypt the resources that the backups are based on. Having separate encryption keys for your production and backup data provides an important layer of protection for your applications.
Backup access policies
With AWS Backup, you can set resource-based access policies on backup vaults. A backup vault is a container used for organizing your backups. Resource-based access policies enable you to control access to backups in a backup vault across all users, rather than having to define permissions for each user. This provides a simple and secure way to control access to your backups across AWS services and helps meet your backup compliance requirements.
Amazon EC2 instance backups
AWS Backup automates backup and recovery jobs for Amazon EC2 at the instance levels without the need for custom scripts or third-party solutions. You can now schedule backup jobs that include whole EC2 instances, limiting the need to interact with the storage (EBS) layer. Additionally, you can restore entire EC2 instances from a single recovery point, greatly simplifying the recovery process.
Item-level recovery for Amazon EFS
AWS Backup offers a fast and easy way to restore an individual file or directory from the backup of an Amazon EFS file system. With AWS Backup, you can quickly restore an individual file from a centralized console without having to restore entire file systems, reducing the recovery time from days to hours.
AWS Backup enables you to copy backups across multiple AWS services to different Regions from a central console, making it easier to meet compliance and disaster recovery needs. With AWS Backup, you can copy backups either manually, as on-demand copy, or automatically as part of a scheduled backup plan to multiple different Regions. You can also recover from those backups in the new Region, reducing the risk of downtime and ensuring disaster recovery and business continuity requirements are met.
AWS Backup now supports cross-account backup, enabling you to securely copy your backups across your AWS accounts within your AWS organizations. With AWS Backup, you can copy backups either manually, as on-demand copy, or automatically as part of a scheduled backup plan to only the trusted destination accounts in the organization. In the event anything happens to a backup and its source account, you can easily restore from the destination account or, alternatively, to the third account. The cross-account backup feature gives you an additional layer of protection should the source account experience disruption from accidental or malicious deletion, disasters, or ransomware.
There are no upfront costs to use AWS Backup, and you pay only for the resources you use.
Instantly get access to the AWS Free Tier.
Get started building with AWS Backup in the AWS Management Console.