Getting Started Resource Center
Developer Tools

Getting Started / Hands-on / ...

Protecting Amazon FSx for Windows File Server Using AWS Backup

TUTORIAL

Overview

With AWS Backup, a fully managed and compliance-ready service, you can centralize and automate data protection across AWS services. Using AWS Backup, you can protect key data stores on demand, on a specific schedule by creating a backup plan, and for specific resources by using tags, which help you organize and classify your AWS resources.

If you need to meet enterprise governance or industry compliance requirements, you can define backups that follow a specific frequency and retention period. With AWS Backup, you can create backups as frequently as every hour, with unlimited retention options. You can also use AWS Backup to copy backups across AWS Regions and accounts.  
 
When you use AWS Backup to back up an Amazon FSx for Windows File Server system, it uses Amazon FSx’s built-in backup functionality. Backups created using the AWS Backup console have the same level of file system consistency and performance, and the same number of restore options, as backups created through the Amazon FSx console. In this tutorial, we provide step-by-step guidance for protecting your FSx for Windows file servers using AWS Backup.

What you will accomplish

In this tutorial, you will:

  • Create a standalone, on-demand backup of an Amazon FSx for Windows file system with AWS Backup.
  • Create a backup plan to automate your backups on a schedule.
  • Define resources to be protected by adding them to an existing backup plan using tags.

Prerequisites

To complete this tutorial, you need:

 

 AWS experience

Intermediate

 Minimum time to complete

10 minutes

 Cost to complete

< $1 for 10 GB file system (Amazon FSx for Windows File Server Pricing)
Assume you want to store 10 GB of general-purpose file share data using HDD storage in the US East (N. Virginia) Region. The total monthly charge for storage and backup would be:

Storage: 10 GB x $0.025 per GB, per month = $0.25 per month
Backup: 10 GB x $0.050 per GB, per month = $0.50 per month

 Requires

  • IAM roles used by AWS Backup to create a backup of an Amazon FSx Windows file server.
    • If a subsequent role is not created, then the default IAM role can be used (AWSBackupDefaultRole)

 Services used

AWS Backup, Amazon FSx for Windows File Server

 Last updated

March 1, 2023

Implementation

Step 1: Go to the AWS Backup console

1.1 – Sign in

Step 2: Configure an on-demand AWS Backup job of an Amazon FSx for Windows File Server

2.1 – Configure the services used with AWS Backup

  • In the navigation pane on the left of the console, choose Settings.
  • On the Service opt-in page, choose the Configure resources button.
  • On the Configure resources page, use the toggle switches to enable or disable the services used with AWS Backup. In this case, select FSx. Choose Confirm when your services are configured.
    • AWS resources that you're backing up should be in the Region that you're using for this tutorial. Your resources must all be in the same AWS Region. This tutorial uses the US East (N. Virginia) Region (us-east-1).
       

2.2 — Create an on-demand backup job of an Amazon FSx file system

  • Back in the AWS Backup console, under My account in the left navigation pane, select Protected resources. Then choose the Create on-demand backup button.
  • 2.2.1 — Create an on-demand backup job of an Amazon FSx file server (continued)
    • On the Create on-demand backup page, choose the Resource type that you want to back up; for example, choose FSx for Amazon FSx file server.
    • Choose the File system ID of the FSx resource that you want to protect.
    • In the Backup window section, select Create backup now. This initiates a backup immediately and enables you to see your saved resource sooner on the Protected resources page.
    • In the Retention period section, select Days and enter the number of days you want to retain the backups for. In this example, we selected 7 days.
    • In the Backup vault section, select one of the pre-existing vaults and continue with step 2.3, or follow step 2.2.2 to create a new backup vault (which begins with selecting Create new Backup vault) before continuing with step 2.3.

 

  • 2.2.2 — Create a backup vault (Optional): Instead of using the default backup vault that is automatically created for you in the AWS Backup console, you can create specific backup vaults to save and organize groups of backups in the same vault.
    • On the Create on-demand backup page, choosing Create new Backup vault opens a new page to create a vault, and you are returned to the Create on-demand backup page after you are finished.
      • You can also go to the AWS Backup console in the navigation pane on the left and select Backup vaults and then Create backup vault to create a backup vault.
    • Enter a name for your backup vault. You can name your vault to reflect what you will store in it, which will also make it easier to search for the backups you need. For example, you could name it WebappBackups.
    • Select an AWS Key Management Service (AWS KMS) key. You can use either a key that you already created, or select the default AWS Backup KMS key.

  • 2.2.2 — Create a backup vault (continued)
    • Optionally, add tags that will help you search for and identify your backup vault.
  • 2.2.2 — Create a backup vault (continued)
    • Back on the Create on-demand backup page, after you have selected an existing backup vault or created a new one, choose the Default role for the IAM role, as shown in the following screenshot, or Choose an IAM role.
      • Note: If the AWS Backup Default role is not present in your account, one will be created for you with the correct permissions.
      • Choose the Create on-demand backup button. This takes you to the Jobs page, where you will see a list of jobs.

2.3 — Checking job details

  • In the Jobs panel under My account, ensure the Backup jobs tab is selected.
  • Choose the Backup job ID for the resource that you chose to back up to see the details of that job.
  • The Status of the backup job will go from Created to Completed once the backup is completed.

Step 3: Configure an automatic AWS Backup job of an Amazon FSx file server using AWS Backup

3.1 — Configure the services used with AWS Backup

  • Sign in to the AWS Management Console, and open the AWS Backup console.
  • In the navigation pane on the left, under the My account section, choose Settings.
  • On the Service opt-in page, choose the Configure resources button.

  • On the Configure resources page, use the toggle switches to enable or disable the services used with AWS Backup. Choose Confirm when your services are configured.
    • AWS resources that you're backing up should be in the Region that you're using for this tutorial. Your resources must all be in the same AWS Region. This tutorial uses the US East (N. Virginia) Region (us-east-1).

3.2 — Configure a backup plan for an Amazon FSx for Windows file system

  • In the AWS Backup console, under My account, select Backup plans in the left navigation pane, and then choose the Create Backup plan button.
  • 3.2.1 — Configure a backup plan for an Amazon FSx for Windows file system (continued)
    • AWS Backup provides three ways to get started using the AWS Backup console:
      • Start from an existing plan: You can create a new backup plan based on the configurations in an existing plan. Be aware that backup plans created by AWS Backup are based on backup best practices and common backup policy configurations available in the AWS Backup Developer Guide. When you select an existing backup plan to start from, the configurations from that backup plan are automatically populated for your new backup plan. You can then change any of these configurations according to your backup requirements.
      • Build a new plan from scratch: You can create a new backup plan by specifying each of the backup configuration details, as described in the next section. You can choose from the recommended default configurations.
      • Define a plan using JSON: You can modify the JSON expression of an existing backup plan or create a new expression.
    • Backup plan name - You must provide a unique backup plan name. If you try to create a backup plan that is identical to an existing plan, you get an AlreadyExistsException error.

  • 3.2.2 — Configure a backup plan for an Amazon FSx for Windows file system (continued)
    • Backup rule name - Backup plans are composed of one or more backup rules. Backup rule names are case sensitive and must contain from 1 to 63 alphanumeric characters or hyphens.
    • In the Backup vault section, you can select the default vault or one of the pre-existing vaults. Backups created by a backup rule are organized in the backup vault that you specify in the backup rule. You can use backup vaults to set the AWS KMS encryption key that is used to encrypt backups in the backup vault and to control access to the backups in the backup vault. You can also add tags to backup vaults to help you organize them. If you don't want to use the default vault, you can create your own.
    • Create new Backup vault - Instead of using the default backup vault that is automatically created for you in the AWS Backup console, you can create specific backup vaults to save and organize groups of backups in the same vault. To create a new backup vault, refer to step 3.3.
    • In the Backup Frequency section, choose Daily. The backup frequency determines how often a backup is created. You can choose a frequency of every 12 hours, daily, weekly, or monthly. When selecting weekly, you can specify which days of the week you want backups to be taken. When selecting monthly, you can choose a specific day of the month.
    • In the Backup window section, select Use backup window defaults, which initiates the backup job at 5 AM UTC (Coordinated Universal Time) and lasts 8 hours. If you would like to customize the backup frequency, refer to the documentation for more information.
    • In the Transition to cold storage section, enter 7 as the number of days you want to retain the backups in warm storage.
    • In the Retention period section, select Days and enter 100 as the number of days that you want to retain the backups in cold storage. Backups that are transitioned to cold storage must be stored in cold storage for a minimum of 90 days.

  • 3.2.3 — Configure a backup plan for an Amazon FSx for Windows file system (continued)
    • In the Copy to destination section, leave it as the default, since this tutorial covers backups within the same AWS Region. As part of your backup plan, you can optionally create a backup copy in another AWS Region. Using AWS Backup, you can copy backups to multiple AWS Regions on-demand, or automatically as part of a scheduled backup plan. Cross-region replication is particularly valuable if you have business continuity or compliance requirements to store backups a minimum distance away from your production data. When you define a backup copy, you configure the following options:
      • Destination Region: The destination Region for the backup copy
      • (Advanced Settings) Backup Vault: The destination backup vault for the copy.
      • (Advanced Settings) IAM Role: The IAM role that AWS Backup uses when creating the copy. The role must also have AWS Backup listed as a trusted entity, which enables AWS Backup to assume the role. If you choose Default and the AWS Backup default role is not present in your account, a role is created for you with the correct permissions.
      • (Advanced Settings) Lifecycle: Specifies when to expire (delete) the copy.
      • Note: Cross-region copy incurs additional data transfer costs. You can refer to AWS Backup pricing for more details.
    • Tags added to recovery points: The tags that you list here are automatically added to backups when they are created.
    • Advanced backup settings: Enables application-consistent backups for third-party applications that are running on Amazon EC2 instances. Currently, AWS Backup supports Windows VSS backups. This is only applicable for EC2 Instances running SQL Server or Exchange databases. You can refer to the documentation for more details.
    • Then, choose the Create plan button. Once the plan is created, tags and resources can be added to the backup plan.

3.3 — Create a backup vault

  • When using AWS Backup Vaults for the first time in the console, a default vault will be created, but we will create a new one for this tutorial.
  • In the AWS Backup console, in the left navigation pane under My account, select Backup vaults.
  • Choose Create backup vault.
  • Enter a name for your backup vault. You can name your vault to reflect what you will store in it, which will also make it easier to search for the backups you need. For example, you could name it WebappBackups.
  • Select an AWS KMS key. You can use either a key that you already created, or select the default AWS Backup KMS key.

3.3.1 — Create a backup vault (continued)

  • Optionally, add tags that will help you search for and identify your backup vault.

3.4 — Assign resources to the backup plan

  • When you assign a resource to a backup plan, that resource is backed up automatically according to the backup plan. The backups for that resource are managed according to the backup plan. You can assign resources using tags or resource IDs. Using tags to assign resources is a simple and scalable way to back up multiple resources.
  • Select the created backup plan and choose the Assign resources button.

3.4.1 — Assign resources to the backup plan (continued)

  • Resource assignment name: Provide a resource assignment name.
  • IAM role: When creating a tag-based backup plan, if you choose a role other than Default role, make sure that it has the necessary permissions to back up all tagged resources. AWS Backup tries to process all resources with the selected tags. If it encounters a resource that it doesn't have permission to access, the backup plan fails.

  • 3.4.2 — Assign resources to the backup plan (continued)
    • Define resource selection – You can select Include all resource types. This option will select all resources and it can be further refined to only include a subset with key value pair selection in the step below.
    • Refine selection using tags – This feature allows you to refine your current selection to include a subset of your resources using tags.
    • Select Assign resources – The backup plan will then have the resources assigned to it.

Navigate to the AWS Backup console and select Jobs in the left navigation pane. Once there, you will be able to see your Backup jobs.

A backup, or recovery point, represents the content of a resource, such as an Amazon FSx file system or Amazon RDS database, at a specified time. Recovery point is a term that refers generally to the different backups in AWS services, such as Amazon EBS snapshots and Amazon RDS backups. In AWS Backup, recovery points are saved in backup vaults, which you can organize according to your business needs. Each recovery point has a unique ID.

Step 4: Restore an Amazon FSx file server using AWS Backup

4.1 — Restoring your Amazon FSx file server instance

  • Navigate to the backup vault that was selected in the backup plan and select the latest completed backup. To restore the FSx file server, select the recovery point ARN (Amazon Resource Number) and choose the Restore button.
  • 4.1.1 — Restoring your Amazon FSx file server instance (continued)
    • The restore of the ARN will bring you to a Restore backup screen that will have the configurations for the FSx file system details.
    • In the File system details, you can see the ID of the backup under Backup ID, and the file system type under File system type.
      • Enter the name of the file system.
      • Choose a Deployment type and accept the default. You cannot change the deployment type of a file system during restore.
      • Choose the Storage type and accept the default. Note that you cannot change the storage capacity of a file system during restore.

  • 4.1.2 — Restoring your Amazon FSx file server instance (continued)
    • Choose Recommended throughput capacity to use the recommended 16 MB/s, or choose Specify throughput capacity and enter a new rate, which will impact the cost.
    • In the Network and security section, provide the required information.

  • 4.1.3 — Restoring your Amazon FSx file server instance (continued)
    • When restoring an Amazon FSx for Windows file server file system, you need to provide the Windows authentication information used to access the file system. You also have the option of creating a new directory. You cannot change the type of Active Directory on the file system during the restore of a backup.
  • 4.1.4 — Restoring your Amazon FSx file server instance (continued)
    • In the Encryption section, you can now choose the encryption keys that you want to use for the new Amazon FSx file system.
    • For Backup and maintenance, provide the information to set your backup preferences. The restore action creates a new FSx for Windows file server, which should be configured with a backup to ensure it is protected after restoring the new copy.

  • 4.1.5 — Restoring your Amazon FSx file server instance (continued)
    • In the Restore role section, choose the default IAM role that AWS Backup will use to create and manage the backups.
    • Choose Restore backup. This will perform a restore of the backup.
  • 4.1.6 — Restoring your Amazon FSx file server instance (continued)
    • The Restore jobs pane appears. A message at the top of the page provides information about the restore job.
The restored backup job will appear under Restore jobs in the AWS Backup console.

  • 4.1.7 — Restoring your Amazon FSx file server instance (continued)
    • Once the job status appears as completed, navigate to the Amazon FSx console, select File systems in the left navigation pane to see the restored FSx file server.

You can now mount the Amazon FSx file system on the Windows EC2 instance using the DNS name of the file system.

Step 5: Clean up

In the following steps, you clean up the resources you created in this tutorial. It is a best practice to delete instances and resources that you are no longer using so that you are not continually charged for them.

Delete the FSx file system

5.1 — Open the Amazon FSx file system console.
5.2 — In the navigation pane, choose File systems.
5.3 — Select the restored FSx file system, and choose Actions, Delete file system.
5.4 — Select No for Create final backup and enter the File system ID for confirmation.
5.5 — Select Delete file system.
5.6 — Open the AWS Backup console and navigate to the vault where the recovery point is stored.
5.7 — Select the recovery point and select Delete.

Note: This process can take several seconds to complete.

Conclusion

Congratulations! In this tutorial, you learned how to protect your FSx Windows file server using AWS Backup by creating an on-demand and scheduled backup and restoring your backup to a new file server. AWS Backup also protects FSx file systems for other protocols, such as Lustre, OpenZFS, and NetApp. See the Next steps section for more details.

Was this page helpful?

 Feedback

Next steps

Protecting Amazon FSx for Lustre Using AWS Backup

Apply the same approach used in this tutorial to back up an Amazon FSx for Lustre file system, create a backup plan to automate your backups, and define resources to be protected by adding them to an existing backup plan using tags.

Back Up and Restore an Amazon FSx for OpenZFS File System with AWS Backup

In this blog post, learn how to use AWS Backup to back up an Amazon FSx for OpenZFS file system, make a copy of the backup to a different account, and restore the file system locally in that account.

Learn About AWS Backup Support for Amazon FSx for NetApp ONTAP

In this blog post from Jeff Barr, Chief Evangelist for AWS, learn how to back up and restore an ONTAP file system using AWS Backup.